This weird hack might help keep your PC safe from Russian hackers

Security Key
(Image credit: Pixabay)
Audio player loading…

One of the world’s leading cybersecurity (opens in new tab) experts has suggested an unorthodox mechanism to protect your computer from malware—install a Cyrillic keyboard (opens in new tab).

In a Twitter discussion on ransomware operations, Brian Krebs suggested that a great many malware (opens in new tab) are programmed to not attack targets based in particular countries, which are usually the ones they operate from. 

Based on his analysis, Krebs suggests that malware usually peruses through the list of the installed keyboards in Windows (opens in new tab) in their bid to determine the targeted computer’s country of use.

TechRadar needs yo...

We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.

>> Click here to start the survey in a new window (opens in new tab)<<

For instance, the recent DarkSide malware (opens in new tab) that brought down the Colonial Pipeline (opens in new tab) in the US, avoids machines that operate in countries which are the principal members of the Commonwealth of Independent States (CIS). 

“Installing a Cyrillic keyboard, or changing a specific registry entry to say ‘RU’, and so forth, might be enough to convince malware that you are Russian and off limits. This can technically be used as a ‘vaccine’ against Russian malware,” Allison Nixon, chief research officer at New York City-based cyber investigations firm Unit221B told Krebs.

Simple workarounds

Unit221B’s founder Lance James has gone one-step ahead and has shared a simple Windows batch script (opens in new tab), which you can use to make your Windows servers (opens in new tab) default to the Russian language with a simple key-press.

During the discussion, others suggested adding entries to the Windows registry to make the computer advertise itself as a virtual machine (VM) (opens in new tab). The suggestion stems from the fact that several malware have traditionally avoided infecting the ephemeral VMs.

However, James shot down the idea, speaking to Krebs, adding that being a VM doesn’t dissuade malware anymore. “In fact, a lot of the ransomware we’re seeing now is running on VMs,” says James.

In any case, neither of these strategies guarantees that malware will avoid your computer, nor is installing a Cyrillic keyboard a replacement for having robust security software (opens in new tab) and taking regular backups (opens in new tab).

Via KrebsOnSecurity (opens in new tab)

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.