Ransomware attacks from Eastern European groups are increasing in frequency and scope, and after last week’s Colonial Pipeline attack caused a scramble for gasoline across the U.S., people are asking how to defend themselves. Now, cybersecurity expert Brian Krebs suggests that people install the Windows 10 Russian keyboard on their computer to ward off attackers. But does this simple trick really work?
Krebs explains the reasoning behind this trick in a Twitter discussion and a Krebs on Security blog post. According to him, Russian ransomware groups have an unspoken, somewhat symbiotic relationship with the Kremlin. So long as these groups avoid attacking countries within the Commonwealth of Independent States (former Soviet states that are still allied with Russia), they can avoid prosecution and public scrutiny within their home country.
But computer viruses spread like wildfire, so how do ransomware groups like DarkSide (which the FBI blames for the Colonial Pipeline attack) keep allied countries out of their crosshairs? Krebs says that the solution is quite simple: if Russian malware detects that a Windows 10 computer has CIS keyboards installed, then it will destroy itself and leave the computer untouched. Krebs says that you don’t even need to use the foreign-language keyboard; you just need to install it through your Windows 10 settings.
It’s true that Russian malware sometimes contains self-destruct code to avoid controversy at home. These safeguards may check for installed keyboards and snoop through the Windows registry for tell-tale signs of a computer’s location on the global stage. But installing a Cyrillic keyboard isn’t an all-in-one safeguard against ransomware for a few reasons.
For one, not all ransomware has a self-destruct mechanism, and as ItWire notes, hackers can toggle these safeguards anytime they want. While installing a Cyrillic keyboard may give you a small layer of defense, you’re better off focusing on safe internet practices. Don’t open unknown email attachments, use 2FA and a password manager, and save backups of important files to an external drive and multiple cloud services in case of an attack.
And if you’re a large business or local government, then the Russian keyboard trick is basically useless. Ransomware groups don’t just fumble their way into bringing down oil pipelines and hospitals; they research their victims for months or years before making any moves. For reference, DarkSide reportedly made $90 million in ransom payments from 47 victims over the last nine months. Installing a Russian keyboard on some computers won’t stop hackers who are aiming for profits that large.
If you’re worried about ransomware, feel free to download a Russian language keyboard on your Windows computer or use Brian Krebs’ special script to add a Russian identifier to your Windows registry. But again, you’re probably better off focusing on proactive security tools, like 2FA, a VPN, and a password manager.
Source: Krebs on Security