The author of the Sigrun Ransomware is providing decryption for Russian victims for free, while asking for a ransom payment of $2,500 in Bitcoin or Dash for everyone else. It is not uncommon for Russian ransomware developers to purposely avoid targeting Russian citizens and to outwardly help such victims for free.
This was first reported by Alex Svirid, a security researcher known for analyzing ransomware for weaknesses, who shared his discovery on Twitter.
Sigrun Ransomware author free decrypt files for users from some countries former USSR (with Russian primary language)
— Alex Svirid (@thyrex2002) May 31, 2018
Malwarebytes security researcher S!Ri then replied to Svirid’s tweet, showing emails to a ransomware author from both a U.S.-based victim and a Russian victim to illustrate this point.
Russian malware developers typically try to avoid infecting Russian victims because they are concerned that the authorities won’t continue to turn a blind eye, as they do when the victims are in other countries.
Sigrun already tries to avoid Russian victims by detecting the keyboard layout when the ransomware is executed. If it detects a Russian layout, it will not encrypt the computer and will delete itself. Unfortunately, not every former USSR republic continues to use the Russian keyboard layout, so users there still get caught by the ransomware.
“Ukrainian users don’t use Russian layout because of political reasons. So we decided to help them if they were infected,” the Sigrun author told…