Robin Hood, the legendary archer of English folklore, is renowned for ‘robbing from the rich and giving to the poor’. Drawing its name from this now mythical hero, RobbinHood ransomware is a new type of ransomware has recently.

Any form of ransomware can cause significant damage to your business and must be protected against, but this new technique is particularly insidious. The attacks are manufactured carefully to trick victims into thinking their ransom payment will go to a good cause.

However, there is no evidence that the money goes to charity – instead, it goes straight into the criminals’ pockets.

Just recently, the city of Greenville in North Carolina became a victim of RobbinHood ransomware. The city’s network was badly affected, causing servers to be shut down across the entire city.

If a criminal gains access to your vital business data, it could prove both costly and disastrous for the relationship between your business and your trusted customers.

RobbinHood, RobbinHood: Riding through the web

Like most ransomware attacks, cyber criminals begin by attempting to break into your network. Once successful, they encrypt all devices that are connected to the compromised network and lock all users out until a Bitcoin ransom is paid.

The criminals behind RobbinHood ransomware then offer their victims a deal for them to recover their business data – simply a donation to the criminals’ ‘charity’ of choice. This fake charity is set up prior to the ransomware attack, purely as a means to shake down victims.

Disguised behind a seemingly good cause, victims who pay the ransom and make the donation not only get their systems back, but also believe that their money will go to charity. For those forced to pay the ransom, the psychology is one of desperation but with the apparent silver lining that at least the ransom payment will go to a good cause.

It does not. In reality, it simply goes straight into the attacker’s Bitcoin wallet.

Feared by the good, loved by the bad

A unique point of interest for RobbinHood ransomware, is that it stresses the importance of keeping the victim’s data private. The attacker claims that anyone who pays to get their data back will not have their information disclosed to the wider hacking community.

Differing from the usual urgent, threatening tone of a ransomware attack, the message is delivered in a gentle tone, and presents the criminal as a helpful advocate offering advice on how to retrieve your information.

Once a payment has been made, the attacker ‘promises’ to delete the victim’s encryption keys and IP addresses.

They claim to care about keeping data private and use this as a tool for leverage over the victim. Reading between the lines, the message is essentially blackmail against the victim, ordering payment in exchange for the avoidance of negative publicity for your business.

This is very likely untrue. Cyber criminals are opportunists, and if your business demonstrates a willingness to co-operate with extortion, you’re far more likely to become a target in the future due to an unsavoury reputation for compliance.

Ransoming the rich, Ransoming the poor

Unlike Robin Hood, who adhered to a mantra of roguish equality, the opportunistic RobbinHood ransomware attack alters the ransom demand based on the size of the victim’s business, and the quantity and quality of data.

As one may imagine, the payment that the attackers require is laid out in a clear and direct manner.

The recovery options are as follows:

  • Bitcoin(s) per affected system OR
  • Bitcoin(s) for the whole affected systems

Also made clear is that the price increases a further £10,000 every day after the fourth day of infection. 1 Bitcoin is worth around £5,000. Therefore, it is highly important that you don’t fall victim to this ransomware due to the enormous cost that comes with an attack.

Crucially, Neuways always emphasises – never pay the ransom. It will only leave your business more susceptible in the future.

Instead, make sure that your business has all of the correct cyber security measures in place, including a robust network security. With strong network security, a ransomware disaster is prevented.