RobbinHood Ransomware Banks on Bad Reputation to Extort Money From Victims
The RobbinHood ransomware (detected by Trend Micro as Ransom.Win32.ROBBINHOOD.A), known for targeting organizations and the computers on their networks by spreading through compromised remote desktop services or through other malware, is banking on its bad reputation to scare victims into paying the ransom.
According to BleepingComputer, a RobbinHood variant was found employing a scare tactic in its new ransom note: it prods victims to search online for news of previous RobbinHood victims and how they ended up paying a far larger cost by not paying the cybercriminals up front.
The ransom note, spotted by Joakim Kennedy, informs the victim that the cybercriminals behind RobbinHood have “worked on systems to gain full access” to the victim’s company and to evade all of its security measures. How this variant initially gets into a victim’s network is not yet known.
Victims are warned to pay the ransom within four days, after which it increases by US$10,000 per hour. The ransom must be paid within ten working days; if it is not, the keys and the payment panel are automatically removed and the victim’s files remain permanently locked. There is no public decryption tool for RobbinHood, and the cybercriminals boast about this in the ransom note, telling victims that the only way to get their files back is to pay for the decryption software.
The RobbinHood operators point new victims toward previous high-profile victims such as the cities of Greenville and Baltimore to show just how damaging this ransomware really is. Both cities experienced massive operational delays because of the attacks, and Baltimore City incurred an estimated US$18.2 million in losses.
[Best Practices: Defending Against Ransomware]
According to Trend Micro’s midyear security roundup for 2019, ransomware detections in the first half of the year increased 77% compared to the second half of 2018. Trend Micro telemetry shows that ransomware attacks have been most severe against multinationals, government agencies, and enterprises. Organizations should strengthen their security against ransomware by following established recommendations. These include:
- Regularly backing up files and ensuring the integrity of these backups.
- Keeping the system, network, servers, and programs/applications updated and patched (or using virtual patching for legacy and embedded systems or software).
- Enforcing the principle of least privilege to reduce the attack surface. This includes securing system administration tools, limiting and disabling outmoded components, and assigning only the required privileges to user accounts.
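As an added example (not code from the original article or from Trend Micro), the following Python script shows one way to act on the first recommendation, verifying backup integrity: it builds a SHA-256 manifest of a backup tree and later re-hashes the tree to flag files whose contents changed, disappeared, or appeared, which is what a ransomware run looks like from the backup's point of view. The directory layout, file contents and the `.locked` extension used in the demonstration are constructed for this example and are not taken from RobbinHood.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so large backup archives need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    manifest = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        manifest[path.relative_to(root).as_posix()] = sha256_file(path)
    return manifest


def verify_backup(root: Path, manifest: dict) -> dict:
    """Compare the current tree against a trusted manifest.

    Returns files whose bytes changed, files that vanished and files that
    appeared. An encrypted file shows up as 'modified' (same name, new bytes)
    or as a 'missing'/'added' pair when the ransomware also renames it.
    """
    current = build_manifest(root)
    modified = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    missing = sorted(p for p in manifest if p not in current)
    added = sorted(p for p in current if p not in manifest)
    return {
        "modified": modified,
        "missing": missing,
        "added": added,
        "ok": not (modified or missing or added),
    }


def demo() -> dict:
    """Constructed scenario: snapshot a tree, tamper with it, verify it again."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed sample backup set (contents are placeholders).
        (root / "docs").mkdir()
        (root / "docs" / "report.txt").write_bytes(b"quarterly figures\n")
        (root / "docs" / "notes.txt").write_bytes(b"meeting notes\n")
        (root / "db.sqlite").write_bytes(b"SQLite format 3\x00" + b"\x00" * 64)

        # The manifest is what you keep off the backed-up host (offline or on
        # write-once storage). It is serialised and reloaded here to show the
        # round trip through its on-disk JSON form.
        manifest = json.loads(json.dumps(build_manifest(root), sort_keys=True))
        baseline = verify_backup(root, manifest)  # untouched tree -> ok

        # Simulate what a ransomware run does to the tree: one file is
        # overwritten with ciphertext-like bytes, one is renamed with an
        # attacker-chosen extension (".locked" is an assumption for the demo),
        # and one is left alone.
        (root / "docs" / "report.txt").write_bytes(os.urandom(32))
        (root / "db.sqlite").rename(root / "db.sqlite.locked")

        report = verify_backup(root, manifest)
        report["baseline_ok"] = baseline["ok"]
        return report


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A hash match proves the bytes are unchanged, not that the backup is restorable, so periodic restore tests still belong in the procedure. The manifest must also be stored where the ransomware cannot rewrite it (offline media or a write-once bucket) and ideally be signed; an attacker who can encrypt the backups can otherwise regenerate the manifest to match.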
Trend Micro ransomware solutions
Multilayered approaches can help enterprises mitigate and stop ransomware. At the endpoint level, the Trend Micro™ Smart Protection Suites deliver several capabilities, such as high-fidelity machine learning, behavior monitoring and application control, and vulnerability shielding, that minimize the impact of this threat. Trend Micro Deep Discovery™ Inspector detects and blocks ransomware on networks, while the Trend Micro™ Deep Security™ solution stops ransomware from reaching enterprise servers, whether physical, virtual, or in the cloud. Trend Micro Deep Security and TippingPoint offer virtual patching to protect endpoints against threats that exploit unpatched flaws to deliver ransomware.
Trend Micro Deep Discovery Email Inspector and InterScan™ Web Security are web and email gateway solutions that prevent ransomware from reaching end users. Trend Micro Cloud App Security™ can help enhance the security of Microsoft Office 365 apps and other cloud services by using sandbox malware analysis to catch ransomware and other advanced threats.
Trend Micro XGen™ security is the engine behind these solutions. It provides a cross-generational mix of threat defense techniques against a wide range of threats to data centers, cloud environments, and networks, and it powers Trend Micro’s Hybrid Cloud Security and User Protection solutions.
Posted in Cybercrime & Digital Threats