Removing the RobinHood Ransomware (Malware/Virus)

Aug 15th 2017 - by Fix My PC FREE in: Blog Virus Removal | 0 Comment

ATTENTION, PLEASE!

Malware may reinstall itself multiple times if you don't delete its core files. This may require tracking down dozens of files in different locations.

We recommend downloading Restoro to eradicate Malware for you (it should cut down the time to about 15 minutes).

>> Download Restoro <<

 RobinHood Ransomware: What is it?

RobinHood is obviously  another ransomware-type virus discovered by the malware security researcher S!Ri. Once it has  infiltrated the computer system, this malware mainly encrypts stored data and appends names of compromised files with the “.Robinhood” extension. For example, “sample.jpg” is renamed to “sample.jpg.RobinHood“. After the successful encryption, RobinHood modifies the desktop wallpaper and creates an executable file (“ROBINHOOD -TIMER.exe“) and a text file (“READ_IT.txt“), and palce them on the desktop.

The text file primarily contains a message that states that people in Yemen are being killed by Bin Salman of Saudi Arabia and that the users targeted by RobinHood ransomware are either “Saudians” or “Supporters” of Bin Salman’s devious activity. The message also states that files are encrypted and that users must pay a ransom of 5 Bitcoins (=which is currently, 1 Bitcoin costs ~$2800 in order to restore their data and that payments received are supposedly used to help victims in Yemen. This malware has some political background though, which makes it very similar to the eBayWall and END Of ISRAEL viruses. It is currently unknown whether RobinHood ransomware  uses symmetric or asymmetric cryptography, bu, in both cases, like most cases, the decryption requires a unique key that is stored on a remote server controlled by the cyber criminals. Victims are encouraged to pay a ransom in exchange for the decryption key. It is also stated that the ransom must be paid within 72 hours and is timed with the “ROBINHOOD -TIMER.exe” -is a timer indicating time remaining, otherwise decryption becomes impossible. Despite these threats and demands, don’t ever trust the cyber criminals, because they usually ignore victims, once payments are made. There is a high probability that paying will not guarantee any positive result, but rather you will lose your money and support cyber criminals’ malicious businesses. So, never try to contact these people or pay any ransom they demanded. Unfortunately and currently, there are no tools capable of restoring files encrypted by RobinHood yet. The only solution to this issue is to restore your files/system from a backup.

There are dozens of ransomware-type viruses created everyday, all of which are virtually identical. As with RobinHood, there are many viruses such as Blocking, Symbiom, BTCWare, and many others, also encrypt system data and demand a certain amount for ransom. There are only two major differences between them: 1) size  or amount of ransom, and; 2) the type of encryption algorithm used by the developer. Always be aware, however, that most ransomware employs algorithms that generate unique decryption keys that makes restoring files manually without needing the help of the developers  is mostly impossible.

 

How can this RobinHood ransomware infect my computer?

To proliferate ransomware, cyber criminals  usually employ and attach them in spam emails (infectious attachments), third party software download sources (free file hosting websites, freeware download websites, peer-to-peer networks, etc.), trojans, as well as the fake software update tools. Spam emails often contain attachments  JavaScript files, MS Office documents, and many more, and is designed to download/install malware from unknown sources. Unofficial software download sources proliferate malware by disguising it as legitimate software, and the fake updaters exploit bugs/flaws of old software versions to infect the system.

 

How to protect yourself from ransomware infections?

Prevention is always better than cure, and to prevent ransomware infections, always remember to be very cautious when browsing the Internet. Also, never open files received from suspicious, unfamiliar/unrecognizable emails or download software from third party sources. Always keep installed applications updated and invest and use a legitimate anti-virus/anti-spyware suite. The key to computer safety is always caution.

 

How to remove RobinHood Ransomware using Safe Mode with Networking?

Step 1:

Windows XP and Windows 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer start process, press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, and then select Safe Mode with Networking from the list.

Windows 8 users: Start Windows 8 is Safe Mode with Networking – Go to Windows 8 Start Screen, type Advanced, in the search results select Settings. Click Advanced startup options, in the opened “General PC Settings” window, select Advanced startup. Click the “Restart now” button. Your computer will now restart into the “Advanced Startup options menu”. Click the “Troubleshoot” button, and then click the “Advanced options” button. In the advanced option screen, click “Startup settings”. Click the “Restart” button. Your PC will restart into the Startup Settings screen. Press F5 to boot in Safe Mode with Networking.

Windows 10 users: Click the Windows logo and select the Power icon. In the opened menu click “Restart” while holding “Shift” button on your keyboard. In the “choose an option” window click on the “Troubleshoot”, next select “Advanced options”. In the advanced options menu select “Startup Settings” and click on the “Restart” button. In the following window you should click the “F5” button on your keyboard. This will restart your operating system in safe mode with networking.

 

Step 2:

Log in to the account infected with the RobinHood virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.

 

How to automatically remove RobinHood Ransomware?

Scanning the computer with anti-malware tool instantly eliminates all items linked to RobinHood virus. Though, this may not primarily fix problems on individual internet browser application.

If the outcome of this anti-malware scan did not fully removed the RobinHood virus, then you have to execute procedures for affected browser program manually. Provided below are easy to follow instructions to solve problems for specific browser.

 

Basic steps of SpyRemover Pro:

Step 1. Run SpyRemover Pro installer

Click on the .exe file that just downloaded in the lower right corner of your browser window.

 

Step 2.  Click Yes

Click Yes to accept the User Account Control settings dialog.

 

Step 3. Foll0w setup instructions

Follow the instructions to get SpyRemover Pro set up on your computer and you will be good to go!

 

                “use a one click solution like SpyRemover Pro”

 

No Comment

Leave a Reply

Name Required

Website