RobbinHood ransomware operators become arrogant. A new variant of the malware has a ransom note that references the Baltimore and Greenville cyber attacks to increase pressure on victims
The RobbinHood ransomware operators have changed the language of their ransom note and become more aggressive. According to Bleeping Computer, they have become arrogant and boastful. The cyber criminals emphasize that there is no decryption tool available for the encryption scheme implemented in the malware, so it is “impossible to recover” the files without the private key and their unlocking software. To add pressure on victims, they point to past incidents involving their malicious code (Greenville and Baltimore City), which ended with victims paying much more than the ransom demand. The crooks explain that they watched the target for days, gained full access to the company, and bypassed all the protections. They then give victims four days to pay, followed by another six days in which the ransom increases by $10,000 every day. Finally, the cyber criminals tell victims to “just pay the ransom and end suffering, then get better cyber security”.
The cyber security expert Joakim Kennedy found the new malware variant with the boastful note. But although there is no publicly available decryption tool, there are solutions to prevent ransomware cyber attacks
The new ransom note and variant were spotted by the cyber security expert Joakim Kennedy. Cybercrime is becoming more aggressive, thanks to the fact that today there is no public decryption tool available for the malware. Although these cyber attacks are very dangerous, especially for companies, all is not lost. There is a way to prevent the threat and protect the data. A proper backup system with restricted access that stores copies offsite is a good response to any ransomware attack, RobbinHood included. Meanwhile, researchers are studying how to counter it. The malware stops 181 Windows services before encryption takes place, in particular those associated with antivirus, database, and other software that could keep files open and prevent the encryption process. At the same time, it also disconnects all network shares from the computer and attempts to look for a public RSA encryption key.
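The pre-encryption behaviour described above gives defenders something to watch for. The following is an added example, not code from the original article or from any vendor: a sliding-window check that flags a host when many distinct services stop in a short burst and notes whether a network share disconnect follows. The log line format, host names, threshold and window are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def build_sample():
    """Constructed events (not from a real incident): time host action object.
    The line format is hypothetical; on Windows, service stops could be sourced
    from Service Control Manager event 7036 in the System log."""
    base = datetime(2019, 1, 1, 3, 0, 0)
    lines = []
    # WS-07: 40 distinct services stopped in 40 seconds, then shares removed.
    for i in range(40):
        t = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{t} WS-07 service_stopped Svc{i:03d}")
    t = (base + timedelta(seconds=45)).isoformat()
    lines.append(f"{t} WS-07 share_disconnected *")
    # SRV-02: routine maintenance, three stops spread over an hour.
    for i in range(3):
        t = (base + timedelta(minutes=20 * i)).isoformat()
        lines.append(f"{t} SRV-02 service_stopped Upd{i}")
    return lines

def detect_mass_service_stop(lines, threshold=25, window=timedelta(seconds=120)):
    """Return {host: alert} for hosts where at least `threshold` distinct
    services stop inside one sliding `window` (both values are assumptions)."""
    recent = defaultdict(deque)  # host -> (time, service) pairs still in window
    alerts = {}
    for line in sorted(lines):   # ISO timestamps sort chronologically
        ts, host, action, obj = line.split(maxsplit=3)
        when = datetime.fromisoformat(ts)
        if action == "service_stopped":
            q = recent[host]
            q.append((when, obj))
            while q and when - q[0][0] > window:
                q.popleft()      # drop events that fell out of the window
            distinct = {svc for _, svc in q}
            if len(distinct) >= threshold and host not in alerts:
                alerts[host] = {"alert_time": when, "services": len(distinct),
                                "shares_dropped": False}
        elif action == "share_disconnected" and host in alerts:
            # A share disconnect soon after the burst raises confidence.
            if when - alerts[host]["alert_time"] <= window:
                alerts[host]["shares_dropped"] = True
    return alerts

if __name__ == "__main__":
    for host, alert in detect_mass_service_stop(build_sample()).items():
        print(host, alert)
```

The threshold should be tuned against normal patching and shutdown activity in the environment, since those also stop many services at once.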
Photo Credits: Bleeping Computer