by hybridtupel 1281 days ago
> Malware that is more stealth-conscious would just stop running without any indication, instead of interacting with external processes.

I always wondered if we could just use this against the malware. E.g. just run a useless process which is named/looks like a debugger and the malware stops itself. Of course that's nothing to be relied on on its own but maybe as an additional layer of defense?

2 comments

Makes me think of that "weird domain name"-based ransomware mitigation.

https://www.theverge.com/2017/5/13/15635050/wannacry-ransomw...

Or adding a Russian language pack to your system. Some of these are so silly-sounding that they are almost unbelievable on first hearing of them.
Some EDRs do stuff like adding a Russian keyboard layout as an alternative, which stops a fair share of 'malware as a service' type stealers.