In a related development, a ransomware strain called RobinHood is wreaking havoc in North Carolina, where it has crippled most city-owned PCs. The FBI is currently investigating the issue along with local authorities.
What makes RobinHood interesting are some surprising claims made by its creators. The ransomware’s .Onion payment page mentions that the developers care about the privacy of the users.
“Your privacy is important for us, all of your records including IP address and Encryption keys will be wiped out after your payment,” it says.
The page further mentions that the bitcoin address used for the ransom payment is created freshly for every victim, so there’s no way to track it.
As reported by Bleeping Computer, details about the ransomware are currently scarce, and no sample has been recorded. However, according to @MalwareHunterTeam, the encrypted files are given names similar to Encrypted_ hex chars%.enc_robbinhood. The encryption used in this case is RSA-4096, which can be decrypted using the private keys.
About "RobbinHood" ransomware.
Encrypted files named: Encrypted_ hex chars%.enc_robbinhood
Note names on 3rd screenshot.
They are using multiple (maybe all?) names at the same time.
Feels it's something older updated, but w/o sample, impossible to tell more…@demonslay335 pic.twitter.com/qnDyGMN9ip
— MalwareHunterTeam (@malwrhunterteam) April 12, 2019
Another surprising claim made by the RobinHood developers concerns honesty. The victim can upload up to 3 files, with a maximum total size of 10MB, and get them decrypted for free. This way, users can make sure that the developers are “honest.”
Their ransom note further states that the ransom increases by $10,000 each day if the payment isn’t made by the fourth day.
It goes without saying that users must not fall for such “incentives” and avoid paying the ransom as it encourages the cybercriminals to spread their operations. There’s also no guarantee you’ll get your files back after paying the ransom. The best course of action in such cases is informing the authorities and cybersecurity firms who can properly investigate the issue and resolve it.