Skip to main content

This weird hack might help keep your PC safe from Russian hackers

Security Key
(Image credit: Pixabay)

One of the world’s leading cybersecurity experts has suggested an unorthodox mechanism to protect your computer from malware—install a Cyrillic keyboard.

In a Twitter discussion on ransomware operations, Brian Krebs suggested that a great many malware are programmed to not attack targets based in particular countries, which are usually the ones they operate from. 

Based on his analysis, Krebs suggests that malware usually peruses through the list of the installed keyboards in Windows in their bid to determine the targeted computer’s country of use.

TechRadar needs you!

We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.

>> Click here to start the survey in a new window<<

For instance, the recent DarkSide malware that brought down the Colonial Pipeline in the US, avoids machines that operate in countries which are the principal members of the Commonwealth of Independent States (CIS). 

“Installing a Cyrillic keyboard, or changing a specific registry entry to say ‘RU’, and so forth, might be enough to convince malware that you are Russian and off limits. This can technically be used as a ‘vaccine’ against Russian malware,” Allison Nixon, chief research officer at New York City-based cyber investigations firm Unit221B told Krebs.

Simple workarounds

Unit221B’s founder Lance James has gone one-step ahead and has shared a simple Windows batch script, which you can use to make your Windows servers default to the Russian language with a simple key-press.

During the discussion, others suggested adding entries to the Windows registry to make the computer advertise itself as a virtual machine (VM). The suggestion stems from the fact that several malware have traditionally avoided infecting the ephemeral VMs.

However, James shot down the idea, speaking to Krebs, adding that being a VM doesn’t dissuade malware anymore. “In fact, a lot of the ransomware we’re seeing now is running on VMs,” says James.

In any case, neither of these strategies guarantees that malware will avoid your computer, nor is installing a Cyrillic keyboard a replacement for having robust security software and taking regular backups.

Via KrebsOnSecurity