An Insight into The “Honest” RobinHood Ransomware

October 23, 2019

The world of cybersecurity is full of surprises.

From abusing Game of Thrones torrent downloads to exploiting popular porn websites, notorious cybercriminals keep coming up with new ways to cause you harm.

In a related development, a ransomware called RobinHood is spreading havoc in North Carolina, where it has crippled most city-owned PCs. It’s so concerning that even the FBI is currently investigating the issue along with local authorities. The malware is reported to exhibit a unique feature: the hackers spreading the RobinHood ransomware levy a penalty of $10,000 on victims for every day beginning on the 4th day of encryption.

That means victims who fail to pay the ransom within the first 4 days of encryption face a late-fee style penalty of $10k for each day they are late.

What makes RobinHood interesting are some surprising claims made by its creators.

The ransomware’s .onion payment page mentions that the developers care about the privacy of the users. “Your privacy is important for us, all of your records including IP address and Encryption keys will be wiped out after your payment,” it says.

RobinHood’s other unique feature is that it tries to victimize as many PCs on the network as possible and then pushes ransom notes under 4 different names onto the infected machines.

Details about the ransomware are currently scarce, and there’s no recorded sample of it. However, the encrypted files are given names similar to Encrypted_%16 hex chars%.enc_robinhood. The encryption used in this case is RSA-4096, which can be decrypted using private keys.
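A defender-side sweep for the file naming pattern reported above, as an added example that is not part of the original article: it walks a directory tree, lists files named like Encrypted_<16 hex chars>.enc_robinhood, and reports the earliest modification time as a rough marker of when encryption began. The regular expression, the function names and the sample files are assumptions constructed for illustration, since the article only says the names are “similar to” this pattern.

```python
import os
import re
import tempfile
from collections import defaultdict
from datetime import datetime, timezone

# Pattern from the article: Encrypted_%16 hex chars%.enc_robinhood
# Assumption: hex digits may be upper or lower case (the article does not say).
ROBINHOOD_NAME = re.compile(r"Encrypted_[0-9A-Fa-f]{16}\.enc_robinhood")

def scan_tree(root):
    """Return {directory: [(filename, mtime_utc), ...]} for matching files."""
    hits = defaultdict(list)
    for dirpath, _dirs, filenames in os.walk(root, onerror=lambda e: None):
        for name in filenames:
            if not ROBINHOOD_NAME.fullmatch(name):
                continue
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # file vanished or unreadable: skip, do not abort
            hits[dirpath].append((name, datetime.fromtimestamp(mtime, timezone.utc)))
    return dict(hits)

def summarize(hits):
    """Return (total_files, earliest_mtime_or_None) for the incident timeline."""
    times = [t for files in hits.values() for _name, t in files]
    return len(times), (min(times) if times else None)

def build_constructed_sample(root):
    """Write constructed sample files into root: two matches, three non-matches."""
    names = [
        "Encrypted_0123456789abcdef.enc_robinhood",  # match
        "Encrypted_A1B2C3D4E5F60718.enc_robinhood",  # match, upper-case hex
        "Encrypted_0123456789abcde.enc_robinhood",   # 15 hex chars: no match
        "Encrypted_0123456789abcdeg.enc_robinhood",  # 'g' is not hex: no match
        "report.docx",                               # ordinary file
    ]
    for i, name in enumerate(names):
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample")
        os.utime(path, (1_000_000 + i * 60,) * 2)  # fixed mtimes, 60 s apart

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        print(summarize(scan_tree(tmp)))
```

Point `scan_tree` at a mounted share or a forensic image rather than a live, still-infected host, since file modification times there may keep changing.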

Another surprising claim made by the RobinHood developers is regarding honesty. The victim can upload up to 3 files of maximum size 10MB in total and get them decrypted for free. This way users can make sure that the developers are “honest.”

Their ransom note further mentions that the cost of payment keeps increasing by $10,000 each day if the payment isn’t made by the fourth day.

It goes without saying that users must not fall for such “incentives” and should avoid paying the ransom, as it encourages the cybercriminals to spread their operations. There’s also no guarantee you’ll get your files back after paying the ransom. The best course of action in such cases is informing the authorities and cyber security firms who can properly investigate the issue and resolve it.


