A Closer Look at the RobbinHood Ransomware [bleepingcomputer]
by CIRT Team
The RobbinHood Ransomware is the latest player in the ransomware scene that is targeting companies and the computers on their network. This ransomware is not being distributed through spam but rather through other methods, which could include hacked remote desktop services or other Trojans that provide access to the attackers.
Since it first came out, samples of the RobbinHood ransomware have not been easy to come by. Yesterday, though, MalwareHunterTeam was able to find a sample so that it could be reverse engineered and tested to learn more about it.
Taking a look at RobbinHood
As we previously stated, it has not been confirmed how the ransomware gains access to a network and the computers on it.
Security researcher Vitali Kremez, who reverse engineered the sample, told BleepingComputer that on execution it will stop 181 Windows services associated with antivirus, database, mail server, and other software that could keep files open and prevent their encryption. It does this by issuing the “sc.exe stop” command as shown below.
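A defender-side detection sketch for the service-stopping behaviour described above, added here as an example and not taken from the article or from the researcher's analysis: it flags a host that runs "sc.exe stop" against many distinct services within a short window. The event tuple layout, the service names, the 60-second window and the threshold of 10 are assumptions, and the sample records are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches "sc stop <svc>" / "sc.exe stop <svc>", with or without a path or quotes.
SC_STOP = re.compile(r'(?:^|[\\/\s"])sc(?:\.exe)?"?\s+stop\s+("[^"]+"|\S+)', re.IGNORECASE)

def stopped_service(cmdline):
    """Return the lower-cased service name if cmdline is an sc.exe stop call, else None."""
    m = SC_STOP.search(cmdline)
    return m.group(1).strip('"').lower() if m else None

def detect_mass_stop(events, window=timedelta(seconds=60), threshold=10):
    """events: (iso_timestamp, host, command_line) tuples sorted by time.
    Returns one alert per host: (host, time_threshold_was_reached, distinct_services)."""
    recent = defaultdict(deque)  # host -> (time, service) pairs still inside the window
    alerts = {}
    for ts, host, cmdline in events:
        svc = stopped_service(cmdline)
        if svc is None:
            continue
        now = datetime.fromisoformat(ts)
        q = recent[host]
        q.append((now, svc))
        while q and now - q[0][0] > window:
            q.popleft()  # drop stops that fell out of the sliding window
        distinct = {s for _, s in q}
        if len(distinct) >= threshold and host not in alerts:
            alerts[host] = (host, ts, len(distinct))
    return list(alerts.values())

def sample_events():
    """Constructed process-creation records (hosts and service names are made up)."""
    base = datetime(2019, 5, 1, 12, 0, 0)
    ev = [((base + timedelta(seconds=i)).isoformat(), "WS01",
           rf"C:\Windows\System32\sc.exe stop ExampleSvc{i:02d}") for i in range(12)]
    # A single administrative stop and a query on another host must not alert.
    ev.append(((base + timedelta(seconds=3)).isoformat(), "WS02", "sc.exe stop Spooler"))
    ev.append(((base + timedelta(seconds=4)).isoformat(), "WS02", "sc.exe query Spooler"))
    return sorted(ev)

if __name__ == "__main__":
    for alert in detect_mass_stop(sample_events()):
        print("mass service stop:", alert)
```

In practice the tuples would come from process-creation telemetry such as Sysmon Event ID 1 or Windows Security Event 4688 with command-line logging enabled, and the threshold would be tuned against normal administrative activity.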