Threat Intel Flash: Sisense Data Compromise: ARC Labs Intelligence Flash

Get the Latest


RobbinHood Ransomware Update

The operators behind the Robbinhood ransomware have changed the statements made in the ransom note that’s delivered to their victims in an attempt to scare victims into paying the ransom. Boastful and arrogant in their message, the cybercriminals point to past incidents where their virus was successful. The new ransom note showcases the Baltimore ransomware attack when the city was extorted to pay $76,000 for the decryption keys, but the costs didn’t end there. The city reported spending over $10 million to recover from the attack and is spending an additional $6 million to harden its IT infrastructure to prepare/defend against future attacks. This attack alone is enough to create RobbinHoods’ reputation and the operators of the ransomware are using this to their advantage. The new ransom note, found by Joakim Kennedy, lets the victim know that the operators have been lurking in the victim’s network for a while to learn the ropes and achieve widespread control of the victim’s systems. The instructions warn the victim not to work with the FBI or other security professionals. It also states that turning off systems, renaming the files or trying to recover the computer “will damage your files.” Additionally, the note states, “You must pay us in 4 days if you don’t pay in the specific duration, the price increases $10,000 each day after that period. After 10 days your keys and your panel will be removed automatically.”

Analyst Notes

The primary defense of any ransomware is to have secure and complete backups that can be used to replace encrypted files. RobbinHood is primarily transmitted through either remote desktop services or malware, so the organization’s remote desktop connections should be either secured behind a VPN or require 2-factor authentication. A robust antivirus/malware detection program that is updated regularly should be deployed to further protect systems. Employing third-party agencies that can perform 24-hour monitoring, such as the Binary Defense Security Operations Center, can detect and defend from future attacks. Binary Defense software includes active protection against ransomware and the ability to isolate an infected computer from the rest of the network to contain damage and reduce the overall effect of a ransomware incident.