
Submitted by
Style Pass
2021-07-10 18:30:04

According to a report by cybersecurity firm Trustwave SpiderLabs relayed by NBC, the ransomware that hit IT firm Kaseya on July 2, 2021, contains code that makes it skip any system that uses Russian or a related language. The group behind the attack, REvil, is known to operate from Russian territory.

On July 6, 2021, the US administration said it had not yet been able to identify the origin of the ransomware, which has affected between 800 and 1,500 organizations, according to estimates. Some put the number even higher. The ransom demanded by REvil reached 70 million. However, eyes quickly turned to Russia.

The Trustwave SpiderLabs report appears to confirm this suspicion. According to information gathered by the researchers, the ransomware is designed to avoid “systems whose default languages come from what used to be the USSR region.” This includes Russian, Ukrainian, Belarusian, Tajik, Armenian, Azerbaijani, Georgian, Kazakh, Kyrgyz, Turkmen, Uzbek, Tatar, Romanian, Moldovan Russian, Syriac and Syriac Arabic. REvil's ransomware is not the only one with such an option: ransomware from the DarkSide group, behind the May attack on Colonial Pipeline, appeared to be equipped with a similar system.

Just because viruses are avoiding Russia doesn’t necessarily mean they’re being ordered by the Kremlin. It seems to be more of a protection against local authorities. Ziv Mador, vice president of security research at Trustwave SpiderLabs, told NBC: “They don’t want to annoy the local authorities and know they can go about their business for a lot longer if they do it this way.”
