
Latest Ransomware Developed to Avoid Russian Systems

 2 years ago
source link: https://news.softpedia.com/news/latest-massive-ransomware-was-developed-to-avoid-russian-systems-533468.shtml

REvil's ransomware is built to avoid infecting computers in former Soviet Union countries

According to new research provided by Trustwave, the code that REvil's cybercriminals used to launch a recent large-scale ransomware campaign was written so that it avoids machines whose primary language is Russian or a related language, NBC News reports.

Ziv Mador, the vice president of security research at Trustwave SpiderLabs, said, "They don't want to annoy the local authorities, and they know they will be able to run their business much longer if they do it this way."

According to Trustwave, the ransomware avoids systems that have Tajik, Belarusian, Ukrainian, Russian, Armenian, Georgian, Azerbaijani, Kyrgyz, Turkmen, Uzbek, Kazakh, Russian Moldova, Romanian, Syriac, Syriac Arabic, and Tatar as their default language.

REvil's ransomware was created with the intention of avoiding attacks on former communist countries

Joe Biden revealed Tuesday that his administration has yet to discover the source of the latest attack. According to security researchers, while the ransomware does not appear to have had a significant impact on the United States, it is estimated to be the largest ransomware attack in history due to the sheer volume of victims infected - about 1,500 companies worldwide.

It was a particularly complex attack that exploited a previously undiscovered software flaw, a zero-day vulnerability, to infect one IT company, which then infected other IT companies, which in turn infected hundreds of consumers.

If malware developers choose to hardcode this type of avoidance setting, it could indicate that they are aware of their malware's ability to spread widely once launched and have decided to protect Russia and Russian-speaking countries in their hacking activities.

Brian Krebs, a cybersecurity expert, even suggested that users can prevent their computers from becoming infected with malware by installing a Russian language virtual keyboard on their Windows computers. Note that this does not work all the time.

