Posted on 05/17/2021 6:42:08 PM PDT by aimhigh
In a Twitter discussion last week on ransomware attacks, KrebsOnSecurity noted that virtually all ransomware strains have a built-in failsafe designed to cover the backsides of the malware purveyors: They simply will not install on a Microsoft Windows computer that already has one of many types of virtual keyboards installed — such as Russian or Ukrainian. So many readers had questions in response to the tweet that I thought it was worth a blog post exploring this one weird cyber defense trick.
The Twitter thread came up in a discussion on the ransomware attack against Colonial Pipeline, which earlier this month shut down 5,500 miles of fuel pipe for nearly a week, causing fuel station supply shortages throughout the country and driving up prices. The FBI said the attack was the work of DarkSide, a new-ish ransomware-as-a-service offering that says it targets only large corporations.
DarkSide and other Russian-language affiliate moneymaking programs have long barred their criminal associates from installing malicious software on computers in a host of Eastern European countries, including Ukraine and Russia. This prohibition dates back to the earliest days of organized cybercrime, and it is intended to minimize scrutiny and interference from local authorities.
In Russia, for example, authorities there generally will not initiate a cybercrime investigation against one of their own unless a company or individual within the country’s borders files an official complaint as a victim. Ensuring that no affiliates can produce victims in their own countries is the easiest way for these criminals to stay off the radar of domestic law enforcement agencies.
(Excerpt) Read more at krebsonsecurity.com ...
Of possible interest.
Interesting indeed, and makes sense.
lolz. Absolutely destroyed!
But James says he loves the idea of everyone adding a language from the CIS country list so much he’s produced his own clickable two-line Windows batch script that adds a Russian language reference in the specific Windows registry keys that are checked by malware. The script effectively allows one’s Windows PC to look like it has a Russian keyboard installed without actually downloading the added script libraries from Microsoft.
To install a different keyboard language on a Windows 10 computer the old fashioned way, hit the Windows key and X at the same time, then select Settings, and then select “Time and Language.” Select Language, and then scroll down and you should see an option to install another character set. Pick one, and the language should be installed the next time you reboot. Again, if for some reason you need to toggle between languages, Windows+Spacebar is your friend.
My prediction: This was disinformation and thousands of systems will be targeted while downloading Russian and Ukranian keyboards.
While you’re at it, install virtual Chinese and virtual Iranian keyboards.
Cover all the bases!
Set your time and location likewise?
If it works, the hackers are already figuring a work around.
Can we have two weird tricks?
It left hackers SPEECHLESS.
Helps to read the article, especially when you think you know everything.
Hacking is a huge industry in Russia causing problems for the rest of the world.
Could anyone give me a good reason why we allow Russian internet traffic to enter any western country? None of us visit Russian websites. Can we block them until they shape up?
I do virtual Esperanto.
Helps to read the article, especially when you think you know everything.
Throw in the Nigerian keyboard code, and you’ve got it covered!
“when you think you know everything”
I don’t? I was misinformed.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.