Security Market Segment LS
Tuesday, 18 May 2021 12:21

Emsisoft CTO ridicules claims that Russian keyboard setting could stop ransomware Featured

Emsisoft CTO ridicules claims that Russian keyboard setting could stop ransomware Image by Никита Сажин from Pixabay

The chief technology officer of New Zealand-headquartered Emsisoft, a firm well known for its efforts in helping ransomware victims, has poked fun at the "new 'innovative' ways people will claim to be the next big fix for ransomware".

"One of these eight-year-old running gags kinda turned into a real recommendation recently: Changing your keyboard layout to Russian," Fabian Wosar wrote in a tweet.

He appeared to be taking a dig at former Washington Post employee Brian Krebs who posted an article on his blog titled "Try This One Weird Trick Russian Hackers Hate" on 17 May US time.

Krebs wrote that "virtually all ransomware strains have a built-in failsafe designed to cover the backsides of the malware purveyors: They simply will not install on a Microsoft Windows computer that already has one of many types of virtual keyboards installed – such as Russian or Ukrainian".

Wosar said the gag about the keyboard appeared to be an obvious one. "Ransomware TAs [threat actors] often blacklist certain countries from being targeted," he wrote.

"That is mostly due to the fact that some CIS [Commonwealth of Independent States, formerly part of the Soviet Union] countries will not extradite their citizens to foreign countries so TAs think that by avoiding breaking laws in their own country they are safe."

He said while most ransomware included checks for keyboard layout of default language, most checked the active or default configuration, not some registry key.

Krebs had also quoted Allison Nixon, chief research officer at New York City-based cyber investigations firm Unit221B, as saying: "Installing a Cyrillic keyboard, or changing a specific registry entry to say ‘RU’, and so forth, might be enough to convince malware that you are Russian and off limits. This can technically be used as a ‘vaccine’ against Russian malware.”

But Wosar said unless one actually wanted to use a system in Russian with a Russian keyboard, one would suffer a hit.

"...even if you do that, you will still get hit. Because what nobody tells you is that these checks are often optional and can be disabled with a simple config switch," he explained. "This is true for DarkSide, whose recent popularity sparked the conversation, and many of the others out there.

"Ransomware TAs will know everything about your company. They will know whether you are a real Russian company or not. After all, company registers are a thing and most likely your company name and website will be plastered all over your network. They'll simply change the config.

"So, instead of mass deploying a Russian keyboard layout to all your network, how about rolling out MFA [multi-factor authentication] and making sure your VPN appliances and Internet-facing systems are updated in a timely manner? You know, things that will actually improve your security posture."

Subscribe to ITWIRE UPDATE Newsletter here


The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.



iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.


Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News