After the sensational cyberattack on the American fuel giant Colonial Pipeline, experts proposed a kind of “vaccine” against Russian hackers.
The cybercriminal group DarkSide, which was behind the attack on Colonial Pipeline, hastened to disown any political motives.
According to the hackers, they are apolitical and “do not participate in geopolitics.” However, according to journalist Brian Krebs, the cybercriminals’ statement is not true.
According to the journalist, like other ransomware programs, DarkSide contains an embedded list of countries in which it does not infect computer systems. As a rule, this list includes the countries of the former USSR and the CIS countries. In particular, the DarkSide list includes: Azerbaijan, Armenia, Belarus, Georgia, Kazakhstan, Kyrgyzstan, Moldova, Russia, Romania, Syria, Turkmenistan, Tajikistan, Tatarstan, Ukraine and Uzbekistan.
Before installing itself on a system, the malware checks whether the language of a country from the list is present and, if one is detected, does not install.
However, abandoning the language check increases the security risk for the cybercriminals themselves and reduces profits, explained Allison Nixon, chief researcher at the New York-based information security company Unit221B.
Because of Russia’s “unique legal culture”, Nixon said, Russian cybercriminals use language tests to make sure their victims are abroad.
Does this mean that installing the Russian layout will one hundred percent secure the system from hackers? No. There are many groups in the cybercriminal world that, unlike DarkSide, don’t care about the victims of their attacks. Changing language settings cannot replace cyber hygiene and cybersecurity best practices, Krebs emphasizes. However, the expert sees no reason not to try such a simple preventive measure to keep yourself safe.
Let me remind you that I also wrote that NATO experimented with deceptive techniques to combat Russian hackers.