Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Sigrun. Show all posts

Author of Sigrun Ransomware helps Russian victims for free, charges other countries

The author of Sigrun ransomware is offering to decrypt computers of victims from Russia and some former USSR countries for free, while asking for payment in Bitcoin or Dash to citizens of other countries.

The ransomware already tries to avoid attacking computers of Russians by checking the keyboard layout of the computer. If it detects a Russian layout, it deletes itself and does not encrypt the computer. However, the ransomware has no provision for those computers who do not use a Russian layout, so some people from former USSR countries who choose not to use that layout can still be affected.

This is a common practice amongst Russian hackers and malware developers, who try to prevent from infecting Russian victims as they are concerned that the authorities will apprehend them, unlike when they are attacking victims from other countries.

This instance was first reported by Twitter user and security researcher Alex Svirid.


Another malware researcher, S!Ri, replied to the tweet with two pictures from ransomware victims of another attack.


Russian victim

U.S. victim

According to the Bleeping Computer, the ransomware author has added the Ukranian layout as well to be avoided during encryption.

"Ukranian users don't use Russian layout because of political reasons. So we decided to help them if they was infected," the author told them via email. "We have already added avoiding Ukrainian layout like was in Sage ransomware before."

They also reportedly said that they are not from former USSR republics, but rather added the condition “because of his Belarus partners”.