RabboLock Ransomware

Posted: June 20, 2017
Threat Metric
Threat Level: 8/10
Infected PCs 96

RabboLock Ransomware Description

The RabboLock Ransomware is a Trojan that uses Hidden Tear-based encryption attacks for locking your files until you pay a ransom. Although the RabboLock Ransomware's threat actor requests in-game currencies, instead of 'real' money, paying doesn't necessarily have a correlation with getting your data unlocked. Users should back up their files and use anti-malware products to block or uninstall the RabboLock Ransomware, depending on the circumstances.

An Unexpected Bill for Your E-Hotel Stay

By allowing individual features to be sold off separately from each other, the so-called microtransactions are a great source of profit to modern game developers. It's rarer, however, for malware experts to see members of the threatening software sector trying to make use of them. The RabboLock Ransomware is one of the few to attempt it, so far, even though most of its code uses the conventional, data-encoding attacks of Hidden Tear.

The RabboLock Ransomware's threat actors don't appear to be native Dutch speakers, which hasn't stopped them from targeting players of the Rabbo Hotel online socialization platform. After gaining system access through methods malware experts still are determining, the RabboLock Ransomware encrypts content such as documents, pictures, and other media, using an AES cipher. Like most HT variants, the Trojan also appends a custom extension ('R4bb0l0ck') to the names of everything it locks.

The RabboLock Ransomware's more interesting trait is the text ransom message it creates for the victim to read. Instead of a 'traditional' payment for unlocking your media, such as Bitcoins, the RabboLock Ransomware asks you to confer bonuses to his Rabbo Hotel account, including 'staff privileges,' two kinds of currency and rare inventory items.

Keeping Your Gaming Money from Funding Extortionists

Although the RabboLock Ransomware's authors have some remarkable priorities for profiting from their campaign, even in-game currencies like Rabbo Hotel's crowns do cost actual money. Restoring your files through backups always should be considered as preferential to paying con artists and hoping that they honor their word. Malware experts also recommend not depending on the default backups of the Windows OS, since Hidden Tear releases like the RabboLock Ransomware erase such data routinely.

While it's probable that the RabboLock Ransomware's authors are using infection vectors designed to appeal to Rabbo Hotel's player base, malware experts have yet to isolate them. This Trojan could be bundled with related software or mislabeled downloads, or installed through more advanced methods, such as an exploit kit or spam e-mails. However, Hidden Tear has little obfuscation from standard threat-detecting features, and most anti-malware programs should remove the RabboLock Ransomware before it begins encrypting any files.

A threat author's idea of 'fun and games' might not always be so different from those of a law-abiding citizen's, but attacks like the RabboLock Ransomware offload the real cost of that entertainment onto a victim. Keeping games amusing and profitable, but only within the rule of law, is the job of its players, just as much as a duty of the developers.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to RabboLock Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Home Malware Programs Ransomware RabboLock Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.