In a Twitter discussion on ransomware operations, Brian Krebs suggested that a great many malware are programmed to not attack targets based in particular countries, which are usually the ones they operate from.
Based on his analysis, Krebs suggests that malware usually peruses through the list of the installed keyboards in Windows in their bid to determine the targeted computer’s country of use.
We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.
- These are the best endpoint protection tools
- Check our list of the best firewall apps and services
- Here's our choice of the best malware removal software on the market
For instance, the recent DarkSide malware that brought down the Colonial Pipeline in the US, avoids machines that operate in countries which are the principal members of the Commonwealth of Independent States (CIS).
“Installing a Cyrillic keyboard, or changing a specific registry entry to say ‘RU’, and so forth, might be enough to convince malware that you are Russian and off limits. This can technically be used as a ‘vaccine’ against Russian malware,” Allison Nixon, chief research officer at New York City-based cyber investigations firm Unit221B told Krebs.
Unit221B’s founder Lance James has gone one-step ahead and has shared a simple Windows batch script, which you can use to make your Windows servers default to the Russian language with a simple key-press.
During the discussion, others suggested adding entries to the Windows registry to make the computer advertise itself as a virtual machine (VM). The suggestion stems from the fact that several malware have traditionally avoided infecting the ephemeral VMs.
However, James shot down the idea, speaking to Krebs, adding that being a VM doesn’t dissuade malware anymore. “In fact, a lot of the ransomware we’re seeing now is running on VMs,” says James.
In any case, neither of these strategies guarantees that malware will avoid your computer, nor is installing a Cyrillic keyboard a replacement for having robust security software and taking regular backups.
- Protect your devices with these best antivirus software