RobbinHood Ransomware Banks on Bad Reputation to Extort Money From Victims

The RobbinHood ransomware (detected by Trend Micro as Ransom.Win32.ROBBINHOOD.A), known for targeting organizations and computers on their networks by spreading through compromised remote desktop services or other malware, is banking on its bad reputation to scare victims into paying ransom. 

According to BleepingComputer, a RobbinHood variant was found employing a scare tactic in its new ransom note, prodding victims to search online for news of previous RobbinHood ransomware victims and how they ended up paying a larger cost by not paying the cybercriminals up front. 

The ransom note, spotted by Joakim Kennedy, informs the victim that the cybercriminals behind RobbinHood have “worked on systems to gain full access” to a victim’s company and evade all security measures. The manner in which RobbinHood enters a victim’s network is still unidentified. 

Victims are told to pay the ransom within four days; after that, the amount increases by a whopping US$10,000 per day. If the ransom is not paid within ten days, the keys and panel are automatically removed, putting a victim’s files on permanent lockdown. Currently, there is no publicly available decryption tool for RobbinHood, and the cybercriminals brag about this fact in the ransom note, informing victims that the only way to get their files back is to pay for their decryption software. 

RobbinHood cybercriminals point new victims in the direction of previous high-profile victims like Greenville City and Baltimore City to help validate just how dangerous this ransomware variant is. Both cities experienced massive operational delays because of the ransomware attacks, with Baltimore City incurring an estimated US$18.2 million in losses. 

[Best Practices: Defending Against Ransomware]

According to Trend Micro’s midyear security roundup for 2019, ransomware detections in the first half of the year increased 77% compared to the second half of 2018. Trend Micro telemetry also shows that most victims of ransomware attacks are multinationals, enterprises, and government organizations. It is thus paramount that organizations strengthen their security posture against ransomware through established recommendations, which include:

  • Regularly backing up files and ensuring the integrity of these back-ups.

  • Keeping the system, network, servers, and programs/applications updated and patched (or using virtual patching for legacy and embedded systems or software).

  • Enforcing the principle of least privilege to reduce the attack surface, for example, by securing the use of system administration tools, restricting and disabling unnecessary or outmoded components, and assigning only the necessary privileges to user accounts.
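One concrete way to act on the first recommendation, checking backup integrity rather than just taking backups, as an added example that is not part of the original article: record a SHA-256 manifest of the backup set when it is created, keep the manifest separately from the backup, and re-verify the set before relying on it. A file that has been encrypted in place, deleted, or dropped into the set will show up as modified, missing, or added. All file names and contents below are constructed for the demonstration.

```python
"""Backup integrity check: build a SHA-256 manifest of a backup set and
later verify the set against it, reporting modified, missing and added files.
Added example; the sample backup is constructed in a temporary directory."""
import hashlib
import json
import tempfile
from pathlib import Path

CHUNK = 1 << 16  # read files in 64 KiB blocks so large backups stay memory-friendly


def sha256_file(path: Path) -> str:
    """Hex SHA-256 digest of one file."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to its digest."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def verify_backup(root: Path, manifest: dict) -> dict:
    """Compare the current contents of root against a previously stored manifest."""
    current = build_manifest(root)
    modified = sorted(k for k in manifest if k in current and current[k] != manifest[k])
    missing = sorted(k for k in manifest if k not in current)
    added = sorted(k for k in current if k not in manifest)
    return {
        "ok": not (modified or missing or added),
        "modified": modified,
        "missing": missing,
        "added": added,
    }


def demo() -> dict:
    """Constructed scenario: verify a fresh backup, then re-verify after tampering."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "db").mkdir()
        (root / "db" / "customers.sql").write_bytes(b"CREATE TABLE customers (id INT);\n")
        (root / "config.yaml").write_bytes(b"retention_days: 30\n")

        # In a real deployment the manifest is written to separate, read-only
        # storage; serialising to JSON here stands in for that step.
        stored = json.loads(json.dumps(build_manifest(root)))
        before = verify_backup(root, stored)

        # Simulate a compromised backup set: one file overwritten with unreadable
        # bytes, one file removed, one unexpected file added.
        (root / "config.yaml").write_bytes(b"\x00\xff\x13\x37 not yaml any more")
        (root / "db" / "customers.sql").unlink()
        (root / "UNEXPECTED.txt").write_bytes(b"constructed extra file")
        after = verify_backup(root, stored)

        return {"before": before, "after": after}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run the manifest step as part of every backup job and the verify step on a schedule, and alert on any report whose `ok` is false; the manifest itself must live somewhere the backup host cannot overwrite, or an attacker who encrypts the backups can simply regenerate it.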

Trend Micro ransomware solutions

Enterprises can benefit from a multilayered approach to best stop and mitigate the risks brought by ransomware. At the endpoint level, the Trend Micro Smart Protection Suites deliver several capabilities like high-fidelity machine learning, behavior monitoring and application control, and vulnerability shielding that minimize the impact of this threat. Trend Micro Deep Discovery™ Inspector detects and blocks ransomware on networks, while the Trend Micro™ Deep Security™ solution stops ransomware from reaching enterprise servers — whether physical, virtual, or in the cloud. Trend Micro Deep Security, Vulnerability Protection, and TippingPoint provide virtual patching that protects endpoints from threats that exploit unpatched vulnerabilities to deliver ransomware.

Email and web gateway solutions such as Trend Micro Deep Discovery Email Inspector and InterScan™ Web Security prevent ransomware from ever reaching end users. The Trend Micro Cloud App Security can help enhance the security of Microsoft Office 365 apps and other cloud services by using cutting-edge sandbox malware analysis for ransomware and other advanced threats.

These solutions are powered by Trend Micro XGen™ security, which provides a cross-generational blend of threat defense techniques against a full range of threats for data centers, cloud environments, networks, and endpoints. Smart, optimized, and connected, XGen powers Trend Micro’s suite of security solutions: Hybrid Cloud Security, User Protection, and Network Defense. 
