Ransom.RobbinHood is Malwarebytes’ detection name or a type of ransomware that is used in targeted attacks against enterprises and organizations.
Ransomware is a category of malware that holds files or systems hostage for ransom. When encrypting files, an AES key is created for each file. The ransomware will then encrypt the AES key and the original filename with the public RSA encryption key and append it to the encrypted file.
Ransom.RobbinHood is used in targeted attacks, where the threat actors make sure that essential files are encrypted so they can ask for large ransom amounts. Ransom.RobbinHood has been know to use a digitally signed driver and exploit a vulnerability in this legitimate driver to gain kernel access.
Because of the targeted nature of this ransomware, it is advised to do a full network scan to find any backdoors or other tools that the threat actors may have left behind, and which may enable them to regain access to the network.
Malwarebytes protects business and home users from Ransom.RobbinHood by using Anti-Ransomware technology and real-time protection.
All component/technology detections are passed to the remediation engine for complete removal from infected systems. This industry leading technology uses patented techniques in identifying all cohorts or associated files for a single threat and removes them all together to prevent malware from resuscitating itself. If you are using Malwarebytes Ransomware Rollback technology, it allows you to wind
back the clock to negate the impact of ransomware by leveraging just-in-time backups.
Files SHA256 hashes:
Encrypted files are stored with the extension enc_robbinhood
Select your language