Researchers have discovered that the code behind the Kaseya ransomware attack is designed to avoid Russian-language systems.
REvil is the hacker group behind the Kaseya attack. While it’s known the individuals behind REvil are Russian-speaking, it is not known whether they enjoy the protection of the Russian government, nor is their exact location known.
The latest research by Trustwave SpiderLabs, which NBC News obtained exclusively, shows that the code behind the ransomware attack is specifically written to avoid computer systems that use Russian and related languages.
“They don’t want to annoy the local authorities, and they know they will be able to run their business much longer if they do it this way,” Ziv Mador, Trustwave SpiderLabs’ vice president of security research, told NBC News.
The revelation will no doubt contribute to the delicate relations between the US and Russia, as pressure mounts to try to force Russia to do more to fight cybercrime.