The ransom demands imposed by the new “RobbinHood” ransomware family increase by $10,000 each day beginning on the fourth day following encryption.
The creators of RobbinHood appear to be aiming their attacks at entire networks. When they’ve gained access to a target, they use their ransomware to encrypt as many computers as possible. They then drop ransom notes under four different names on the infected machines.
Each copy of the ransom message gives victims two payment options: pay three Bitcoins (currently worth $15,476.47) for each affected system, or seven Bitcoins (currently worth $36,111.76) to recover all affected systems. Each note then informs those who have suffered an infection that the ransom amounts will increase by $10,000 each day if they haven’t paid by the fourth day after encryption.
The ransomware also distinguishes itself by leveraging privacy to its advantage. For instance, the RobbinHood ransom note makes a point of reassuring the victim that “your privacy is important for us, all of your records including IP address and Encryption keys will be wiped out after your payment.” It goes on to note how “[t]here is no need to mention that our servers have no event a bit of your network data and information.”
Lawrence Abrams, creator and owner of Bleeping Computer, feels that this second statement in particular has a purpose. As he explains in a blog post:
“This is the first time I have ever seen a ransomware offer that bit of advice. By stating that they will keep the victim’s ransomware infection a secret they are implying that a company can pay for the ransomware without having to disclose the breach and receive negative publicity. This is being done to potentially increase the chance of a payment being made.”
RobbinHood is a relatively new family of ransomware, but it’s already been involved in a successful attack. Security professionals should therefore take the opportunity to protect themselves against a ransomware infection by keeping their software up-to-date and backing up their organization’s sensitive information on a regular basis. They should also follow these additional ransomware prevention tips.