RobbinHood Ransomware Claims It’s Protecting Your Privacy [bleepingcomputer]
by CIRT Team
A new ransomware is in play called RobbinHood that is targeting entire networks and then encrypting all computers that they can gain access to. They then request a certain amount of bitcoins to decrypt a single computer or a larger amount to decrypt the entire network.
Not much is currently known about this ransomware and a sample for RobbinHood has not currently been found. We have, though, seen the ransom notes and encrypted files of various victims, which allows us to put together a picture of how this ransomware may operate.
RobbinHood targets networks
Based on the ransom note text, the attackers behind RobbinHood are actively trying to gain access to networks. Once they gain access, they will attempt to encrypt as many computers on the network as they can.
While nothing is known regarding the encryption being used, we do know that when files are encrypted they will be renamed to something similar to Encrypted_b0a6c73e3e434b63.enc_robbinhood.
The ransomware will also strangely drop ransom notes under 4 different names at the same time. The names of these notes are _Decryption_ReadMe.html, _Decrypt_Files.html, _Help_Help_Help.html, and _Help_Important.html.
For more, click here.