All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly reviewing the news for interesting stories and developments in the cybersecurity world. Here’s what stood out to us during the week of September 27, 2021. We’ve also included the comments from a few folks here at Tripwire VERT.

REvil Ransomware Group Goes Offline

Back in July 2021, CyberNews reported that the REvil ransomware group’s website and infrastructure had gone offline. It was just a few weeks later when the security community witnessed the emergence of BlackMatter. This ransomware project “incorporated in itself the best features of DarkSide, REvil, and LockBit,” per The Record. Whatever that means, it didn’t stop REvil from re-emerging later in the year, as reported by Bleeping Computer.

John Wenning | Security analyst at Tripwire

Nearly all varieties of ransomware simply leave your computer alone if you have a Russian keyboard installed. KrebsonSecurity also had an article on this topic titled, “Try This One Weird Trick Russian Hackers Hate.” This article says, “The fact that there is a malware whitelist (i.e., do not operate) on computers with Russian keyboard layouts doesn’t necessarily mean it comes out of Russia.” That may be true, but I think the important takeaway isn’t where the malware originated from but the fact that there is a “simple trick” that can provide a good degree of protection just by installing a keyboard.

To add a Russian keyboard:

  1. Windows Key + “X”
  2. Go To Settings
  3. Time and Language
  4. Language
  5. Add a Language and then select “Russia” Language and you are done. 

If you have inadvertently switched to the Russian keyboard layout, you can toggle back by using the Windows Key and the space bar.

Script Helps Facilitate Windows 11 Installs on Incompatible Hardware

At the (Read more...)