Ransomware attack affecting 20 countries brought target escape codes to Russia

Ransomware attack affecting 20 countries brought target escape codes to Russia

The latest chapter in the ransomware attacks marks 2021, with the crackdown against Kasia revealing how REWIL criminals are deliberately avoiding harming targets in Russia. According to a report by Trustwave SpiderLabs, the malware is configured so that it does not affect systems that use Russian or related languages ​​as their main language.

“They don’t want to upset local officials, and they know they’ll be able to run their business longer if they do,” Jive Mador, vice president of security research at Trustwave SpiderLabs, told NBC News. Already considered the largest attack of its kind in history, the Kasia system outage has affected hundreds of organizations around the world, and many of them are expected to take weeks to recover.

According to researcher Marcus Hutchins (publicly identified on Twitter as @MalwareTechBlog), this isn’t just behavior by Reville. According to him, it is common for malware codes to check language packs and CIS keyboards and the geographic location of their victims before continuing their operations.

“Unless attackers attempt to influence Russian users or companies, they are unlikely to be arrested,” Hutchins said. “I’m not really sure why the article cites a security company, claiming they were the first to identify it, given that it’s a well-known feature and talking about Revil because ransomware was first discovered,” he comments of the article. of NBC News.

READ  EU's recovery model will overtake the US - Money Times

Security agencies in the United States and the United Kingdom accused Russia of funding and harboring groups such as Reville, CozyBear and Darkside (among others) involved in actions affecting various companies and government organizations. The Kremlin often refuses to participate in such cases, claiming that none of them have official links with Moscow.

Source: NBC News, MalwareTechBlog/Twitter

Did you like this article?

Subscribe to your email at Canaltech to receive daily updates with the latest news from the world of technology.

Sarah Gracie

About the author: Sarah Gracie

Sarahis a reporter covering Amazon. She previously covered tech and transportation, and she broke stories on Uber's finances, self-driving car program, and cultural crisis. Before that, she covered cybersecurity in finance. Sarah's work has appeared in The Wall Street Journal, Bloomberg, Politico, and the Houston Chronicle.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *