Ransomware Keyboard Spoofer

Thread starter [correlate]
Start date Aug 7, 2021

[correlate]

Level 18

Thread author

Verified

Top Poster

Well-known

Forum Veteran

Aug 7, 2021

#1

What's interesting about some ransomware is that it checks system settings before performing the malicious operations in order to determine where the malware is running. One check in particular is the system's current keyboard setting which is used to determine the language of the user. In cases where the malware detects Russian or other periphery language codes, the ransomware simply exits. The most reasonable explanation is that the malware authors do not want to damage systems where they could actually be held accountable.

CyDec Security

www.cydecsecurity.com

www.cydecsecurity.com

CyDec Security :: Ransomware Keyboard Spoofer

www.cydecsecurity.com

www.cydecsecurity.com

Last edited by a moderator: Aug 7, 2021

Reactions: struppigel, Andy Ful, ZeePriest and 8 others

You may also like...

Scams & Phishing News “I Paid Twice” Scam Infects Booking.com Users with PureRAT via ClickFix
- Started by Brownie2019
- Nov 7, 2025
- Replies: 2
Security News
On Sale! Norton 360 Premium 2026 [10-D, 2-YR] 22.99 €
- Started by Brownie2019
- Dec 27, 2025
- Replies: 7
Discounts and Deals
Scams & Phishing News Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware
- Started by Parkinsond
- Jan 24, 2026
- Replies: 22
Security News
Danabot: Analyzing a fallen empire
- Started by SeriousHoax
- May 23, 2025
- Replies: 0
News Archive
APT Hackers Target Maritime and Shipping Industry for Ransomware Attacks
- Started by Brownie2019
- Jul 30, 2025
- Replies: 0
News Archive

Share:

Facebook X Bluesky LinkedIn Reddit WhatsApp Email Link