Just add those two keys into your registry: https://github.com/Unit221B/Russian
For persistence, install the Russian keyboard driver, and switch back to your original.
mrkramer 1 day ago|
That's a funny way to combat Russian-made malware, but I think Russian malware checks which keyboard language you are currently using and not which ones are in total present on your OS.
rurban 1 day ago||
Nope, it checks which keyboards are installed in these reg entries, not which are currently used. That's the well-known Windows trick every MS admin should know.
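An added example, not part of the thread or of the linked repository: a PowerShell audit that contrasts the layouts installed for the current user with the one active right now, which is the distinction debated here. It assumes the per-user installed list is the `HKCU:\Keyboard Layout\Preload` key (the thread does not name the two keys); `Get-PreloadedLayout` and the `$known` table are names made up for this sketch.

```powershell
# Added example (not from the thread): installed vs. currently active keyboard layout.
# Assumption: the per-user installed list is HKCU:\Keyboard Layout\Preload,
# where value "1" is the default layout and each value is a KLID such as 00000409.
$known = @{                      # the low 16 bits of a KLID are the language ID
    '0409' = 'English (US)'
    '0419' = 'Russian'
    '0422' = 'Ukrainian'
    '0423' = 'Belarusian'
}

function Get-PreloadedLayout {   # hypothetical helper name
    param([string]$Path = 'HKCU:\Keyboard Layout\Preload')
    $key = Get-Item -LiteralPath $Path -ErrorAction Stop
    $names = $key.GetValueNames() |
        Where-Object { $_ -match '^\d+$' } |
        Sort-Object { [int]$_ }
    foreach ($name in $names) {
        $klid = [string]$key.GetValue($name)
        if ($klid.Length -lt 4) { continue }          # skip malformed entries
        $langId = $klid.Substring($klid.Length - 4).ToLowerInvariant()
        $language = if ($known.ContainsKey($langId)) { $known[$langId] } else { 'other' }
        [pscustomobject]@{
            Order     = [int]$name
            Klid      = $klid
            LangId    = $langId
            Language  = $language
            IsDefault = ($name -eq '1')
        }
    }
}

$installed = @(Get-PreloadedLayout)
$installed | Format-Table -AutoSize

# The layout in use right now is tracked separately from the installed list.
Add-Type -AssemblyName System.Windows.Forms
$active = [System.Windows.Forms.InputLanguage]::CurrentInputLanguage
$activeLangId = '{0:x4}' -f $active.Culture.LCID

$listedOnly = $installed | Where-Object { $_.LangId -ne $activeLangId }
"Active layout: $($active.LayoutName) ($activeLangId)"
"Installed but not active: $(($listedOnly | ForEach-Object Klid) -join ', ')"
```

A layout that appears in the table but not as the active one is the state the top comment describes after installing the Russian layout and switching back.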
mrkramer 1 day ago||
Is there a way to check which one is currently in use? There must be. So Russians are slacking on this one? Also they could check in which language files and folders are named, or they could check the timezone or something. Years ago I loved to read malware RE articles and I remember they also checked for Belarusian, Ukrainian and most of the ex-USSR countries' languages. Isn't the most efficient way to check the external IP address of the device, ofc if it has one?
skeezyboy 1 day ago||
Geolocations of IPs change all the time; malware would need to speak to some server somewhere to get a current list. The Russian keyboard method doesn't have the same risk of discovery.
mrkramer 1 day ago||
Yea, I know, and some computers might not be connected to the internet but to some local network, and tbh 99% of people won't install Russian or some ex-USSR language packs just to potentially protect from Russian-made malware.
fracus 1 day ago||
The title alone is hilarious because it obviously implies, probably correctly so, that most ransomware comes from Russia.
adastra22 1 day ago||
Isn't this widely known background context?
supertrope 1 day ago||
And other CIS countries. It turns out if the authorities don't prosecute computer criminals and wire fraudsters unless there's a domestic victim, they will run amok.
amelius 1 day ago||
So wouldn't the next step in this cat and mouse game be that they check if the keyboard is actually being used?
zzo38computer 1 day ago||
If they change it, will they make it to check the time zone as well as the keyboard layout (and possibly others)?
lenerdenator 1 day ago||
And they'll keep doing it because we don't make an example out of them.
charcircuit 1 day ago||
I would find the why more interesting. Is there a common library virtually all ransomware uses? Are virtually all ransomware copy pastes of each other? Is there a popular forum post detailing the trick?
chisleu 1 day ago||
There are lots of malware families. Russian hackers, scammers, and such are basically celebrated in Russia for attacking the west. But they get in big trouble if they screw anything up inside Russia. Hence, the "safety mechanism" here.
charcircuit 1 day ago||
Yes, but this is a specific safety mechanism; why this one over others?
chisleu 1 day ago|||
It's simple for the malware to check. For instance, you don't want to hit a Russian oligarch's laptop w/ ransomware just because his GPS says he is in another country. You don't want to trust the outbound ip because they might be on a VPN, etc. This is more broad and simple and easy. Can you think of a better way?
charcircuit 1 day ago||
You could check what language the operating system is set to, or the browser bookmarks/history, to name a couple.
Checking installed keyboards is somewhat obscure and sounds like something someone cleverly came up with and I'm interested in how is sprea
zarzavat 1 day ago||
Language wouldn't work, many bilingual people prefer to have their UI language set to English even if it's not their native language.
make3 1 day ago|||
convergent evolution
charcircuit 1 day ago||
If you look at how it's compiled you can tell if it's using the same code, or if they converged to use similar strategies.
v5v3 1 day ago||
I read that only a few parties create ransomware, and they then charge a subscription to the end hackers to use it.
Razengan 1 day ago||
I KNEW keeping a Russian keyboard to type ( ;´Д`) would have practical uses!
culebron21 1 day ago|
You may also want to use хД (Russian for xD)
grishka 1 day ago||
лол)))))))
gazatunnelrats 1 day ago||
[flagged]
jekwoooooe 1 day ago|
[flagged]
supertrope 1 day ago||
The Internet is by definition universal. Autonomous Systems make their own routing decisions. We cannot cut them off the Internet any more than we can cut off their sea access. If we were to do so (analogous to a naval blockade) you'd have succeeded in only cutting off civilians. Government sponsored or tolerated criminals would still ply their trade like in N Korea.
skeezyboy 1 day ago||
I had fun with a Russian guy on Rust once but otherwise cut em all off