Try This One Weird Trick Russian Hackers Hate
2021-05-17 14:14

In a Twitter discussion last week on ransomware attacks, KrebsOnSecurity noted that virtually all ransomware strains have a built-in failsafe designed to cover the backsides of the malware purveyors: They simply will not install on a Microsoft Windows computer that already has one of many types of virtual keyboards installed - such as Russian or Ukrainian.

Simply put, countless malware strains will check for the presence of one of these languages on the system, and if one is detected, the malware will exit and fail to install.

Will installing one of these languages keep your Windows computer safe from all malware? Absolutely not.

"Installing a Cyrillic keyboard, or changing a specific registry entry to say 'RU', and so forth, might be enough to convince malware that you are Russian and off limits. This can technically be used as a 'vaccine' against Russian malware."

In a bid to stymie analysis by antivirus and security firms, some malware authors have traditionally configured their malware to quit installing if it detects it is running in a virtual environment.

James says he loves the idea of everyone adding a language from the CIS country list so much that he's produced his own clickable two-line Windows batch script, which adds a Russian language reference in the specific Windows registry keys that are checked by malware.


News URL

https://krebsonsecurity.com/2021/05/try-this-one-weird-trick-russian-hackers-hate/