'.robbinhood File Extension' Ransomware Description
RobbinHood Ransomware ('.robbinhood File Extension' Ransomware) is one of the more recent file-encrypting malware threats. Samples of this new ransomware are hard to find and little research has been published, yet the available data shows that it was originally written in Google's Go programming language and then compiled into a 32-bit executable. Like most other threats of that kind, RobbinHood uses the RSA and AES encryption algorithms and asks victims to contact the malware's owners through a Tor onion website. The exact distribution vector of the examined samples is unknown, yet RobbinHood likely spreads through unprotected Remote Desktop Protocol (RDP) services or through Trojans that have previously given the attackers access to the target system. Spam emails with malicious attachments or corrupted Internet links are also a common propagation method for ransomware threats.
Another Bandit Pretending to be the Well-Intentioned Robbin Hood
The '.robbinhood File Extension' Ransomware attack is typical of these threats and seems to be based on HiddenTear, an open-source encryption ransomware platform that has been responsible for countless encryption ransomware variants. The '.robbinhood File Extension' Ransomware targets user-generated files in its attack, which may include files with the following file extensions:
.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.
The '.robbinhood File Extension' Ransomware uses a strong encryption algorithm to overwrite the affected data, making it inaccessible. The targeted files are easy to identify because the '.robbinhood File Extension' Ransomware renames them with the string 'Encrypted_.enc_robbinhoo,' which will often include a long string of random characters. Victims of the attack are directed to a ransom note contained in three files named '-Decryption_ReadMe.htm,' '_Help_Important.html' and '_Decrypt_Files.html.' These files ask the victims to connect to a website using Tor, where the following message is displayed:
'What happened to your files?
All your files are encrypted with RSA-4096, Read more on [link to an article on Wikipedia]
RSA is an algorithm used by modern computers to encrypt and decrypt data. RSA is an asymmetric cryptographic algorithm. Asymmetric means that there are two different keys. This is also called public key cryptography because it can be given to anyone:
1-We encrypted your files with our “Public key”
2-You can decrypt the encrypted files with a specific “Private key” and your private key is in our hands ( It's not possible to recover your files without our private key )'
The message then asks for a ransom payment of several thousand US dollars, including a much larger payment for infected networks.
Protecting Your PC and Data from Threats Like the '.robbinhood File Extension' Ransomware
The best protection against threats like the '.robbinhood File Extension' Ransomware is to have file backups stored on the cloud or external services. Apart from file backups, malware specialists advise computer users to use a fully up-to-date security program to prevent threats like the '.robbinhood File Extension' Ransomware from being installed and to remove them once they have carried out their attacks. Unfortunately, as soon as the '.robbinhood File Extension' Ransomware finishes encrypting the files, they cannot be decrypted and should, instead, be replaced from the backup copies.
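To decide which folders need restoring from backup, the file-name indicators given in the description above can be swept for across a drive or share. The following is an added example, not code from the original page; it assumes the random characters sit between the 'Encrypted_' and '.enc_robbinhoo' parts of a renamed file, and the sample tree it builds is constructed.

```python
import os
import re
import tempfile
from collections import Counter
from pathlib import Path

# Ransom note names as given in the description (compared case-insensitively).
NOTE_NAMES = {"-decryption_readme.htm", "_help_important.html", "_decrypt_files.html"}
# Assumption: the random characters sit between the two fixed parts of the name.
RENAMED = re.compile(r"^Encrypted_.*\.enc_robbinhoo", re.IGNORECASE)

def scan(root):
    """Walk root and return (renamed_files, ransom_notes, per-directory hit counts)."""
    renamed, notes, per_dir = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name.lower() in NOTE_NAMES:
                notes.append(path)
            elif RENAMED.match(name):
                renamed.append(path)
            else:
                continue
            per_dir[dirpath] += 1  # directories with hits need restoring
    return renamed, notes, per_dir

def earliest_mtime(paths):
    """Oldest modification time among the hits: a rough estimate of when encryption began."""
    times = []
    for p in paths:
        try:
            times.append(p.stat().st_mtime)
        except OSError:
            pass  # file vanished or is unreadable; skip it
    return min(times) if times else None

def build_sample_tree(root):
    """Constructed sample data: empty files that only carry the indicator names."""
    docs = Path(root) / "docs"
    docs.mkdir()
    for name in ("Encrypted_a1b2c3d4.enc_robbinhood", "_Decrypt_Files.html", "report.docx"):
        (docs / name).touch()
    (Path(root) / "notes.txt").touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        renamed, notes, per_dir = scan(tmp)
        print(len(renamed), "renamed,", len(notes), "notes,", dict(per_dir))
```

Point scan() at a mounted backup or file share to confirm it is clean before restoring from it; the earliest modification time helps choose a backup taken before the encryption started.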