The ransomware attack on Kaseya was coded not to target Russia


According to experts, the malware avoided systems whose default language is one of those used in the republics of the former Soviet Union

What appeared to be an indiscriminate ransomware attack, one that hit and blocked thousands of companies small and large in the United States and other parts of the world, was perhaps not so indiscriminate. According to cybersecurity experts, the malware that hit the American IT service provider Kaseya and its customers may have been coded so as not to harm everyone. Trustwave researchers found that the malware avoided systems in the countries of the former Soviet Union.

Trustwave said that the ransomware "avoids systems that have predefined languages from what was the former USSR region. This includes Russian, Ukrainian, Belarusian, Tajik, Armenian, Azerbaijani, Georgian, Kazakh, Kyrgyz, Turkmen, Uzbek, Tatar, Romanian, Russian Moldovan, Syriac and Syrian Arabic".

The attack was claimed by the hacker group REvil, which according to analysts operates in Russia with the tacit consent of the authorities and which had already been behind other attacks in recent weeks.

Security experts had previously suggested that installing a Cyrillic keyboard might be enough to convince malware that you are Russian. Malware usually scans the list of keyboard layouts installed in Windows in an attempt to determine the country in which the target computer is used.

Last weekend's attack hit Kaseya's VSA (Virtual System / Server Administrator) platform. It involved approximately 60 out of 35,000 customers who use the on-premises version of the platform, many of whom are themselves suppliers who provide services to third parties, using VSA to manage other companies' networks. REvil exploited a bug in the system to distribute ransomware to computers all over the world, except, it turned out, in Russia and other countries of the former Soviet Union.

This attack, which has blocked businesses small and large, including chains like the Swedish Coop, while demanding the payment of a ransom, has already been called the largest ransomware campaign ever.



This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.