The ransomware already tries to avoid attacking computers of Russians past times checking the keyboard layout of the computer. If it detects a Russian layout, it deletes itself in addition to does non encrypt the computer. However, the ransomware has no provision for those computers who create non purpose a Russian layout, in addition to hence simply about people from onetime USSR countries who pick out non to purpose that layout tin nonetheless last affected.
This is a mutual practise alongside Russian hackers in addition to malware developers, who travail to forestall from infecting Russian victims every bit they are concerned that the government volition apprehend them, dissimilar when they are attacking victims from other countries.
This lawsuit was kickoff reported past times Twitter user in addition to safety researcher Alex Svirid.
Sigrun Ransomware writer costless decrypt files for users from simply about countries onetime USSR (with Russian main language)— Alex Svirid (@thyrex2002) May 31, 2018
Another malware researcher, S!Ri, replied to the tweet with 2 pictures from ransomware victims of simply about other attack.
Yup, many are doing that. Guess who is Russian in addition to who is American? pic.twitter.com/1pS6NhPtXN— S!Ri (@siri_urz) May 31, 2018
 |
| Russian victim |
 |
| U.S. victim |
According to the Bleeping Computer, the ransomware writer has added the Ukranian layout every bit good to last avoided during encryption.
"Ukranian users don't purpose Russian layout because of political reasons. So nosotros decided to assist them if they was infected," the writer told them via email. "We convey already added avoiding Ukrainian layout similar was inwards Sage ransomware before."
They likewise reportedly said that they are non from onetime USSR republics, but rather added the status “because of his Republic of Belarus partners”.
