Cyrillic on the keyboard may become a “vaccine” against Russian hackers

After the sensational cyberattack on the American fuel giant Colonial Pipeline, experts proposed a kind of “vaccine” against Russian hackers.

The cybercriminal group DarkSide behind the attack on the Colonial Pipeline hastened to disown any political motives.

According to the hackers, they are apolitical and “do not participate in geopolitics.” However, according to journalist Brian Krebs, the cybercriminals’ statement is not true.

Here’s the thing: digital ransomware groups like DarkSide are very concerned about making their entire platform geopolitical because their malware is specifically designed to work only in certain parts of the world.Krebs writes.

According to the journalist, similarly to other ransomware programs, DarkSide contains an embedded list of countries in which it does not infect computer systems. As a rule, this list includes the countries of the former USSR and the CIS countries. In particular, the DarkSide list includes: Azerbaijan, Armenia, Belarus, Georgia, Kazakhstan, Kyrgyzstan, Moldova, Russia, Romania, Syria, Turkmenistan, Tajikistan, Tatarstan, Ukraine and Uzbekistan.

Before installing on a system, the malware checks for the presence of the language of the country from the list and, if it is detected, is not installed.

Cybercriminals are known to react quickly to defenses that reduce their profitability, so why don’t the bad guys just make a difference and start ignoring language checks? Well, they certainly can and maybe even will (the latest version of DarkSide analyzed by Mandiant does not check the system language).the journalist said.

However, the refuse from language check increases the security risk of cybercriminals themselves and reduces profits, explained the chief researcher of the New York-based information security company Unit221B Allison Nixon.

Because of Russia’s “unique legal culture”, Nixon said, Russian cybercriminals use language tests to make sure their victims are abroad.

They do it for legal protection. Installing a Cyrillic keyboard or changing a specific registry entry to “RU”, etc., may be enough to convince malware that you are Russian. Technically, this can be used as a “vaccine” against Russian malware.Nixon explained.

Does this mean that installing the Russian layout will one hundred percent secure the system from hackers? Not. There are many groups in the cybercriminal world that, unlike DarkSide, don’t care about the victims of their attacks. Changing language settings cannot replace cyber hygiene and cybersecurity best practices, Krebs emphasizes. However, the expert sees no reason why not to try such simple preventive way to keep yourself safe.

The worst thing that can happen is that you accidentally switch language settings, and all your menu items will be in Russian.writes Krebs.

Let me remind you that I also wrote that NATO experimented with deceptive techniques to combat Russian hackers.

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.

Leave a comment

Your email address will not be published. Required fields are marked *