
'.robbinhood File Extension' Ransomware

Posted: March 25, 2019

The '.robbinhood File Extension' Ransomware is a file-locking Trojan that asks for ransoms through local Web pages after encrypting your media, which can include images, documents and other formats. Symptoms of this threat, which has no evident family, include overwriting the names of any files completely and adding new suffix and affix information to them. Users should have their anti-malware program of preference remove the '.robbinhood File Extension' Ransomware immediately before recovering through any recent backup.

Collecting from the Rich to Give to Oneself

Approximately one year after the examination of the Robin Hood And Family Ransomware's campaign, malware researchers are finally seeing a new file-locking Trojan that copies the theme for itself. The '.robbinhood File Extension' Ransomware uses several features that aren't quite in line with those of most operational families of file-locking Trojans, but its encryption, and therefore its file-blocking functionality, is working. Malware experts can't confirm any victims outside of the Middle East at this time.

The '.robbinhood File Extension' Ransomware uses unwanted encryption for locking various formats of media. Documents, images, and other formats related to Microsoft productivity software, art programs, and data-compression utilities are at the greatest degree of risk. Unlike most of the file-locker Trojans that it competes with, the '.robbinhood File Extension' Ransomware removes the original filename and replaces it with a prepended affix ('Encrypted_'), a string of semi-random characters and the extension. The comprehensiveness of the replacement prevents users from identifying what content the '.robbinhood File Extension' Ransomware is locking.
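The rename scheme described above gives defenders a simple filesystem indicator. The following triage helper is an added example, not code from the original article or from any vendor: it flags directories where most files carry the 'Encrypted_' prefix and the '.robbinhood' extension. The character class for the semi-random part, the thresholds, and the sample paths are assumptions.

```python
import os
import re
from collections import Counter

# Assumption: the "semi-random characters" are letters and digits; the page
# does not give their length or alphabet, so the pattern is deliberately loose.
RENAMED = re.compile(r"^Encrypted_[A-Za-z0-9]+\.robbinhood$", re.IGNORECASE)


def is_renamed(name):
    """True if a bare filename matches the rename scheme described above."""
    return RENAMED.match(name) is not None


def summarize(paths, min_hits=3, min_ratio=0.5):
    # Flag a directory when it holds at least min_hits matching files and they
    # are at least min_ratio of its files (hypothetical thresholds, tune them).
    total, hits = Counter(), Counter()
    for path in paths:
        folder, name = os.path.split(path)
        total[folder] += 1
        if is_renamed(name):
            hits[folder] += 1
    return {
        folder: (hits[folder], total[folder])
        for folder in hits
        if hits[folder] >= min_hits and hits[folder] / total[folder] >= min_ratio
    }


def scan(root):
    """Walk a directory tree on disk and return its flagged directories."""
    found = []
    for folder, _dirs, files in os.walk(root):
        found.extend(os.path.join(folder, f) for f in files)
    return summarize(found)


# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    "/srv/share/finance/Encrypted_a91Bc02Qx7.robbinhood",
    "/srv/share/finance/Encrypted_Zk38LmP0qa.robbinhood",
    "/srv/share/finance/Encrypted_0fT7yHn2Wd.robbinhood",
    "/srv/share/finance/index.html",
    "/srv/share/hr/policy.docx",
    "/srv/share/hr/Encrypted_notes.txt",
]
```

`summarize(SAMPLE)` flags only the finance share, with three of its four files matching; a file that merely starts with 'Encrypted_' but keeps its own extension is not counted.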

Although the '.robbinhood File Extension' Ransomware does create a ransom note in an HTML format, it uses unique formatting for its instructions. The details include a 'free sample' of the criminal's decryption help, a Bitcoin-based payment option on a per-machine or per-business basis, and an extraordinarily sharp daily rise in prices (ten thousand USD per day). Altogether, malware experts conclude that the '.robbinhood File Extension' Ransomware's campaign is highly suggestive of targeting business or government server systems that could afford the fees and that hold highly valuable data over multiple, network-connected PCs.

Anti-Theft Watchdogs for the Internet Age

Malware experts can't state with any surety whether or not the '.robbinhood File Extension' Ransomware's encryption is reversible. However, due to the professionalism of its ransoming infrastructure and payload, as well as the transaction sizes its campaign involves, it's not likely that a decryptor's development will be straightforward. Windows users will want to keep regular backups of any files of importance to them and save them to other devices and drives for a fallback solution.

The '.robbinhood File Extension' Ransomware is compromising Israeli users with its current infection strategies, but its payload isn't Israel-specific. Threat actors targeting businesses with file-locking Trojans generally use crafted spam e-mails carrying corrupted attachments or brute-force the login credentials to a network. Following good password-generating protocols, disabling Word's macro feature, and scanning all files before opening them are helpful defensive steps for most users. Anti-malware products of most brands should have few problems with removing the '.robbinhood File Extension' Ransomware on sight, if they're available.

The '.robbinhood File Extension' Ransomware is the thief that collects from the well-off to give to its Bitcoin wallet but needs your help to succeed. Don't lend assistance to criminal software by forgetting your backup schedules or password rotations, which are essential for both your files and your financial wellbeing.
