Experts: Changing The Language Setting Can Prevent Ransomware Infection

By changing the language and keyboard settings from a computer infections can be prevented by ransomware, so experts says. It has been known for years that several malware instances check the language and keyboard settings before infecting a system. When the language setting of, for example, former Soviet countries is found on the system, the malware switches itself off.

According to security researchers, the attackers are carrying out this check to avoid prosecution by the Russian authorities. “This is for their legal protection,” Unit221B's Allison Nixon told IT journalist Brian Krebs . "Installing a Cyrillic keyboard, or changing a registry key to" RU "can be enough to convince malware that you are Russian and should not be attacked. This is like a 'vaccine' against Russian malware."

Changing language and keyboard settings has become current again following the DarkSide ransomware attack on the Colonial Pipeline Company in the United States. A researcher had previously discovered that this ransomware does not infect systems in countries from the former Soviet Union, as reported last week. Several experts on Twitter claim that adding a Russian keyboard or language setting is often enough to trick ransomware.

“Ultimately, Russian hackers will face the same problem defenders in the West face - the fact that it is very difficult to distinguish a domestic from a foreign machine that masquerades as domestic,” said Nixon.

Adjusting these settings does not offer one hundred percent certainty. Recently, security company FireEye announced that it had found a copy of the DarkSide ransomware that did not check the system language.

Previous Post Next Post