Report: Code in Ransomware Attack Written to Avoid Russian Computers

Russian hacker in the hood threatens with his fist against the backdrop of a tricolor from
Dmitry Nogaev/Getty Images

According to a recent report, the code used by the Russian-speaking hacking ring REvil in its ransomware attacks was written to avoid systems that primarily use the Russian language.

NBC News reports that the computer code used in the recent massive ransomware attack by the Russian-speaking hacking ring REvil was written so that it avoids systems that primarily use Russian or related languages, according to new research by a cybersecurity firm.

A report from Trustwave SpiderLabs obtained by NBC News claims that this feature has been known to be part of malicious software for some time. Ziv Mador, Trustwave SpiderLabs’ vice president of security research, stated: “They don’t want to annoy the local authorities, and they know they will be able to run their business much longer if they do it this way.”

The new discovery highlights how often ransomware code appears to originate in Russia and the former Soviet Union. President Biden said Tuesday that his administration has not yet determined where the latest attack originated. The recent attack does not appear to have had a significant disruptive impact inside the U.S. but is being called the largest ransomware attack in history due to infecting 1,500 organizations according to security researchers.

Trustwave said the ransomware “avoids systems that have default languages from what was the USSR region. This includes Russian, Ukrainian, Belarusian, Tajik, Armenian, Azerbaijani, Georgian, Kazakh, Kyrgyz, Turkmen, Uzbek, Tatar, Romanian, Russian Moldova, Syriac, and Syriac Arabic.”

Read more at NBC News here.

Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address lucasnolan@protonmail.com

COMMENTS

Please let us know if you're having issues with commenting.