Discussion:
Ransomware designed not to infect in post-Soviet states
(too old to reply)
Glenn Geller
2016-03-07 16:14:02 UTC
Permalink
Cerber, a recently released ransomware, reportedly declines to
infect any computer with a Windows location of either Armenia,
Azerbaijan, Belarus, Georgia, Kazakhstan, Kyrgyzstan, Moldova,
Russia, Tajikistan, Turkmenistan, Ukraine, or Uzbekistan. (Those
are the post-Soviet States minus the Baltic States). See the early
paragraphs here:

http://www.bleepingcomputer.com/news/security/the-cerber-ransomware-not-only-encrypts-your-data-but-also-speaks-to-you/

I'm not likely to become infected, but I've set my computer's location
to Russia, to see how the change might affect my use of the computer.
So far, I see no change, as I expected. (It's not a language change,
just a location change.)

If the change is inconsequential, I might perform this change on
the Windows computers of those of my clients who are a little
sloppy in their Internet use and have crucial files.

Does any of you know of a potential drawback to changing the
location to Russia on the computers of my clients?


How to change the location code:

http://www.trishtech.com/2012/07/how-to-set-country-or-region-location-in-windows-7/


Table of location codes:

https://msdn.microsoft.com/en-us/library/windows/desktop/dd374073%28v=vs.85%29.aspx
David Kaye
2016-03-07 22:07:32 UTC
Permalink
Post by Glenn Geller
Cerber, a recently released ransomware, reportedly declines to
infect any computer with a Windows location of either Armenia,
Azerbaijan, Belarus, Georgia, Kazakhstan, Kyrgyzstan, Moldova,
Russia, Tajikistan, Turkmenistan, Ukraine, or Uzbekistan. (Those
are the post-Soviet States minus the Baltic States). See the early
http://www.bleepingcomputer.com/news/security/the-cerber-ransomware-not-only-encrypts-your-data-but-also-speaks-to-you/
I'm not likely to become infected, but I've set my computer's location
to Russia, to see how the change might affect my use of the computer.
So far, I see no change, as I expected. (It's not a language change,
just a location change.)
If the change is inconsequential, I might perform this change on
the Windows computers of those of my clients who are a little
sloppy in their Internet use and have crucial files.
Does any of you know of a potential drawback to changing the
location to Russia on the computers of my clients?
http://www.trishtech.com/2012/07/how-to-set-country-or-region-location-in-windows-7/
https://msdn.microsoft.com/en-us/library/windows/desktop/dd374073%28v=vs.85%29.aspx
David Kaye
2016-03-07 22:16:47 UTC
Permalink
I have been using CryptoPrevent, which does an end run around most
ransomware programs.

I also use an early version of the ZoneAlarm firewall, which warns of any
new or changed program that is trying to connect somewhere. All ransomware
programs have to connect back to the mothership, so if an attempt it made
it's automatically blocked and you're warned.

Here's a URL to MajorGeeks, a website I trust, for the CryptoPrevent
program:
http://www.majorgeeks.com/files/details/cryptoprevent.html

If you root around the web you can find early versions of ZoneAlarm. I have
several copies of different versions. The one I'm using is ZoneAlarm
3.1.291. I like the early ZoneAlarm versions because they don't have all
the fancy fru-fru on them, they're fast, there are no nag screens, and
they've been flawless. Much as I'd like to endorse current ZoneAlarm, I
don't like that since CheckPoint bought them they're just loaded with
unnecessary baggage as well as nag screens. I'm not convinced that the
later version of ZA are any better than the early versions from 10+ years
ago.

My computers have visited lots of skanky websites and I haven't gotten
infected by anything of any consequence.

Loading...