Install Russian keyboard to prevent ransomware attacks and hacks

Russian language settings and other tricks can help protect against hackers and malware distributors

Having a Russian language setting can help prevent malware attacks. A Russian or Ukrainian keyboard can indicate that your computer is used by a Russian person, so ransomware is not going to execute its code.

Recent incidents[1] and changes in cybersecurity policies show that people desperately need to take some actions to avoid hackers and malware attacks. This goes for everyday users and for large companies. Profit is the main goal for such criminals because they want to make money from victims, so large companies, organizations, and businesses in various industries remain common targets for these threats.[2]

Research and various tendencies show that ransomware creators include a feature that skips the installation on devices where a particular language keyboard is installed.[3] Russian or Ukrainian languages are the typical exceptions, so it can become one of a few ways to avoid ransomware infections.

DarkSide, like a great many other malware strains, has a hard-coded do-not-install list of countries which are the principal members of the Commonwealth of Independent States (CIS) — former Soviet satellites that mostly have favorable relations with the Kremlin.

The analyzed DarkSide ransomware, and many other threats focused on cryptocurrency extortion, include code that installs the malicious payload only after the system check. In Russia, investigations against criminals like these are commonly not initiated unless the company claims to be a victim. Ransomware is often linked with Eastern European countries and hackers, so this exception technique ensures that affiliates of the virus cannot become victims of the hack or threat infection. It also helps to minimize the scrutiny and avoid interference from authorities.

The malware will exit without attacking if the particular language is installed

Many malware strains check for the keyboard options or language installs when the system is infiltrated. If the particular exclusion language is added, the intruder leaves the machine without executing the malicious code. Main region/language/keyboard exclusions:

  • Russian;
  • Ukrainian;
  • Belarusian;
  • Tajik;
  • Armenian;
  • Azerbaijani;
  • Georgian.

These regions may vary, but the main keyboard option that criminals focus on is Cyrillic.[4] When a huge ransomware group is spreading worldwide, many experts tend to look for connections to other threats and known hacker groups. The most dangerous and the most reported threats[5] in this cryptovirus category remain possible Russian hacker creations like STOP/Djvu,[6] REvil/Sodinokibi, Phobos, Dharma, Makop.
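If you deploy one of these layouts across a fleet, you will want to verify that it is actually present on each machine. The following is an added example, not code from the article: it parses the text output of `reg query "HKCU\Keyboard Layout\Preload"` collected per host and reports which of the listed languages are installed. The host names and sample outputs are constructed, and it assumes that the per-user Preload list is the setting you want to audit (individual malware strains may check other language settings).

```python
import re

# Windows language IDs (low word of a keyboard layout ID) for the languages
# the article lists. Azerbaijani has a Latin and a Cyrillic variant.
EXCLUSION_LANGS = {
    0x0419: "Russian",
    0x0422: "Ukrainian",
    0x0423: "Belarusian",
    0x0428: "Tajik",
    0x042B: "Armenian",
    0x042C: "Azerbaijani (Latin)",
    0x082C: "Azerbaijani (Cyrillic)",
    0x0437: "Georgian",
}

# One value line of `reg query` output: index, type, 8 hex digits.
PRELOAD_LINE = re.compile(r"^\s+\d+\s+REG_SZ\s+([0-9A-Fa-f]{8})\s*$")

def installed_layouts(reg_output):
    """Return the layout IDs found in `reg query` output, in order."""
    ids = []
    for line in reg_output.splitlines():
        m = PRELOAD_LINE.match(line)
        if m:
            ids.append(int(m.group(1), 16))
    return ids

def audit_host(reg_output):
    """Names of article-listed languages present among the host's layouts."""
    found = []
    for klid in installed_layouts(reg_output):
        # The high word selects a layout variant; the low word is the language.
        name = EXCLUSION_LANGS.get(klid & 0xFFFF)
        if name and name not in found:
            found.append(name)
    return found

# Constructed sample outputs for two hypothetical hosts (not real data).
FLEET = {
    "ws-001": "HKEY_CURRENT_USER\\Keyboard Layout\\Preload\n"
              "    1    REG_SZ    00000409\n",
    "ws-002": "HKEY_CURRENT_USER\\Keyboard Layout\\Preload\n"
              "    1    REG_SZ    00000409\n"
              "    2    REG_SZ    00010419\n",
}

def report(fleet):
    """Map each host to the listed languages it has (empty list = none)."""
    return {host: audit_host(out) for host, out in fleet.items()}
```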

Russian hackers are mainly associated with ransomware. File-encryption threats mainly originate from Russian hackers.

When it comes to regions where malware spreads and is reported, Asia is the most common one. The United States comes next, and then other areas follow. However, based on these findings, it is clear that Eastern Europe is not common in these ransomware and other threat attacks. It is believed that hackers do not target their people, so criminals tend to aim further away. It can be relatively easy and not invasive to add the Russian language to your options and install the keyboard settings.

The ransomware infection process explained

Changing language settings or adding a particular keyboard is not difficult, but you should take other security measures. Whether you are a part of a big company or government institution or an everyday user who surfs online daily, you need to take precautionary measures. Understanding how ransomware works is important here too.

Ransomware infects the machine by delivering the payload to the targeted device. There are many ways that creators manage to do so.[7] The attack does not start until the system is checked. If those exclusions are not found, the payload is dropped and launched. Once that is done, the malware gets executed, and files get locked, encrypted, deleted, stolen, or copied. Attackers then receive the notification that the virus was executed. The victim receives the unique key for identification, and the encryption procedure can end with the money extortion and ransom note delivery.

Payment requests and the inability to access files scare victims into considering paying the ransom. The cryptocurrency transfer is supposed to be exchanged for the decryption option that can recover files affected in this attack. This is multi-stage malware, and it can be less advanced or more improved, depending on the criminals who created the virus. Sometimes malware steals particular files from huge databases and extorts additional payments when victims refuse to pay up. This double-extortion and data-stealing technique became popular in 2020.[8]

Ransomware spreads worldwide. Common countries that get ransomware infections are mainly located in Asia and the US.

Other tips for companies and everyday users that want to avoid ransomware

Dealing with any threat can be stressful and frustrating, but ransomware threats are among the most dangerous. It depends on how lucky you are and how advanced the virus version you get is. It may seem that paying those criminals is the only option, but often it doesn't mean that locked or affected data will be recovered after all.

Learning from significant incidents can help prevent these attacks in the future, and mistakes made by others can help to teach industries and governments to improve their security measures. Detecting the ransomware that is already on the machine is not enough. Precautionary measures are needed to prevent the attack in the first place.

  • Know what valuable assets are connected to the network. Keep the list of connected software and hardware up to date.
  • Personalize security settings. Ransomware can be distributed when the email attachment is opened, so the email server's configuration to block particular types of extensions can help.
  • Be cautious and attentive. Think twice before clicking on any link or attachment that looks even a little suspicious. Do not download programs from random sources and torrent sites. Phishing emails and bad links can have major negative consequences.
  • Avoid revealing personal information. Criminals can aim to get your personal information and launch secondary attacks. Your social media posts, profiles, and other sources can store details that shouldn't be accessible to anyone.
  • Educate your employees. Teach all staff members about phishing emails, malicious vectors, common types of circulating attacks. Awareness and training can help avoid infections when people are familiar with tactics.
  • Patch and update the software. Keeping machines smoothly working and solving all issues when they occur can help keep the security of the device strong. Exploitation can happen when attackers rely on some vulnerabilities.
  • Use the Show File Extensions feature. This Windows function allows you to quickly tell what types of files are being opened, so you can stay away from potential threats.
  • Keep backups. Enterprises and personal computer users should keep current file backups and store essential data on external devices. This is the easiest way to restore any lost data.
  • Use VPN services and avoid public Wi-Fi. Be cautious when using a public network because you cannot be sure about its protective measures against malware, and it can make your computer vulnerable to attacks.
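The email-attachment and file-extension tips above can be combined into one gateway-side check. This is an added example, not code from the article: it reads a raw message, takes every attachment name, and flags blocked extensions, double extensions such as `.pdf.exe`, and hidden format-control characters that disguise the real extension. The extension lists and the sample message are constructed for illustration.

```python
import unicodedata
from email import message_from_string, policy

# Constructed policy lists for this example; adjust to local policy.
BLOCKED_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".hta", ".lnk"}
DECOY_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

def extensions(filename):
    """All dot-suffixes of a name, lowercased, left to right."""
    # Windows ignores trailing dots and spaces, so "a.exe. " still runs as .exe.
    parts = filename.lower().rstrip(". ").split(".")
    return ["." + p for p in parts[1:]]

def check_filename(filename):
    """Reasons to block this attachment name (empty list = allow)."""
    reasons = []
    # Format-control characters such as U+202E (right-to-left override)
    # change how a name is displayed without changing its real extension.
    if any(unicodedata.category(c) == "Cf" for c in filename):
        reasons.append("hidden format-control character")
        filename = "".join(c for c in filename if unicodedata.category(c) != "Cf")
    exts = extensions(filename)
    if exts and exts[-1] in BLOCKED_EXT:
        reasons.append("blocked extension " + exts[-1])
        if len(exts) > 1 and exts[-2] in DECOY_EXT:
            reasons.append("double extension: " + exts[-2] + exts[-1])
    return reasons

def scan_message(raw):
    """Map every attachment filename in a raw message to its block reasons."""
    msg = message_from_string(raw, policy=policy.default)
    return {p.get_filename(): check_filename(p.get_filename())
            for p in msg.walk() if p.get_filename()}

# Constructed sample message (not real mail).
SAMPLE = "\n".join([
    "From: billing@example.com", "To: staff@example.org", "Subject: Invoice",
    "MIME-Version: 1.0", 'Content-Type: multipart/mixed; boundary="b1"', "",
    "--b1", "Content-Type: text/plain", "", "See attached.",
    "--b1", "Content-Type: application/octet-stream",
    'Content-Disposition: attachment; filename="invoice.pdf.exe"', "", "x",
    "--b1", "Content-Type: application/pdf",
    'Content-Disposition: attachment; filename="report.pdf"', "", "x",
    "--b1--", "",
])

if __name__ == "__main__":
    for name, reasons in scan_message(SAMPLE).items():
        print(name, "->", reasons or "allowed")
```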

Carefulness and caution are the most important things with any malware. You can be prepared and rely on excellent security software to combat ransomware or other malware. This type of malware targets files directly, so you have all the more reason to make frequent backups and keep attackers out. Malicious actors and their products keep advancing, and the cybersecurity measures that enterprises and people take should advance with them.

About the author
Julie Splinters - Anti-malware specialist

Julie Splinters is the News Editor of 2-spyware. Her bachelor's degree was in English Philology.
