The RobbinHood ransomware (detected by Trend Micro as Ransom.Win32.ROBBINHOOD.A), known for targeting organizations and computers on their networks by spreading through compromised remote desktop services or other malware, is banking on its bad reputation to scare victims into paying ransom.
According to BleepingComputer, a RobbinHood variant was found using a scare tactic in its new ransom note: it prods victims to search online for news of previous RobbinHood victims and to see how those victims ended up paying a larger cost by not paying the cybercriminals up front.
The ransom note, spotted by Joakim Kennedy, informs the victim that the cybercriminals behind RobbinHood have “worked on systems to gain full access” to a victim’s company and evade all security measures. The manner in which RobbinHood enters a victim’s network is still unidentified.
Victims are told to pay the ransom within four days; after that, the amount increases by a whopping US$10,000 per day. If the ransom is not paid within ten days, the keys and panel are automatically removed, putting the victim’s files on permanent lockdown. Currently, there is no publicly available decryption tool for RobbinHood, and the cybercriminals brag about this fact in the ransom note, informing victims that the only way to get their files back is to pay for the decryption software.
RobbinHood cybercriminals point new victims in the direction of previous high-profile victims like Greenville City and Baltimore City to help validate just how dangerous this ransomware variant is. Both cities experienced massive operational delays because of the ransomware attacks, with Baltimore City incurring an estimated US$18.2 million in losses.
According to Trend Micro’s midyear security roundup for 2019, ransomware detections in the first half of the year increased 77% compared to the second half of 2018. Trend Micro telemetry also shows that most victims of ransomware attacks are multinationals, enterprises, and government organizations. It is thus paramount that organizations strengthen their security posture against ransomware through established recommendations, which include:
Keeping the system, network, servers, and programs/applications updated and patched (or using virtual patching for legacy and embedded systems or software).
Enforcing the principle of least privilege to reduce the attack surface, for example, by securing the use of system administration tools, restricting and disabling unnecessary or outmoded components, and assigning only the necessary privileges to user accounts.
Trend Micro’s solutions are powered by Trend Micro XGen™ security, which provides a cross-generational blend of threat defense techniques against a full range of threats for data centers, cloud environments, networks, and endpoints. Smart, optimized, and connected, XGen powers Trend Micro’s suite of security solutions: Hybrid Cloud Security, User Protection, and Network Defense.