Kevin Bae

Non-Social in a Socially Networked World

Simple fix to protect your Windows machine from Russian ransomware hackers

This may not be the Russian hacker you’re looking for

I was reading Brian Krebs’ blog,, and came across this odd little trick you can use if you’re a Windows user and are deathly afraid of Russian ransomware hackers.

In a Twitter discussion last week on ransomware attacks, KrebsOnSecurity noted that virtually all ransomware strains have a built-in failsafe designed to cover the backsides of the malware purveyors: They simply will not install on a Microsoft Windows computer that already has one of many types of virtual keyboards installed — such as Russian or Ukrainian.

Why does the trick work?

DarkSide and other Russian-language affiliate moneymaking programs have long barred their criminal associates from installing malicious software on computers in a host of Eastern European countries, including Ukraine and Russia. This prohibition dates back to the earliest days of organized cybercrime, and it is intended to minimize scrutiny and interference from local authorities.

In Russia, for example, authorities there generally will not initiate a cybercrime investigation against one of their own unless a company or individual within the country’s borders files an official complaint as a victim. Ensuring that no affiliates can produce victims in their own countries is the easiest way for these criminals to stay off the radar of domestic law enforcement agencies.

Add a Russian or Ukrainian language keyboard to your Windows machine and you’re protected… sort of.