RobbinHood Ransomware: pay up and keep quiet

October 26th, 2019

The creators of the dreaded 'RobbinHood' ransomware strain are putting their reputation to work for them. The hackers have recently modified their ransom note in a couple of important ways.

First and foremost, they stress that there's no public decryption tool currently available to recover files encrypted by RobbinHood and that they are monitoring the situation to make sure that the company impacted by the malware does not contact law enforcement.  Any attempt to do so "will damage your files," the warning reads.

Those two recent additions are bad enough on their own, but the hackers took an additional step. They are now directing victims to a web search highlighting an incident that occurred in Greenville, North Carolina and another that impacted servers in the city of Baltimore.

Cybercriminals used RobbinHood in both attacks. While the ransoms demanded in both cases weren't excessive (less than $100,000 initially), the aftershocks arising from those attacks wound up costing the city millions. In fact, according to CBS Baltimore, the city "put more than $18 million into the attack."

Clearly, the recent changes to the ransom note used by the attackers are aimed at convincing those impacted by their malware to pay up and keep quiet. How well that will ultimately work remains to be seen, but at this point, the hackers are correct. There is no public decryption tool.

Recovery of the encrypted files

Paying the ransom isn't the only way to recover encrypted files. Get in the habit of making good, complete backups at regular intervals, and a ransomware attack doesn't have to be devastating. With a proper, timely response, it could be little more than an inconvenience. The hackers don't want to draw attention to this, but it is something you should discuss with your IT staff.

