Robbin Hood – the ransomware that brings its own bug
2020-02-07 16:35

Crooks such as the gang behind the Cryptolocker ransomware were able to make millions, perhaps even hundreds of millions, of dollars by infecting hundreds of thousands of users and businesses, and then demanding $300 a time to unlock each user's files.

System services often keep critical files in permanent use, meaning that they can't easily be deleted or modified, which stops the crooks from scrambling them in a ransomware attack.

The crooks can then exploit a bug in the signed driver to trick Windows into letting them load their own unsigned, malicious kernel driver!

In the RobbinHood attack, there are many up-front steps - including loading the suspicious kernel drivers - that the crooks have to take.

In many network-wide ransomware attacks we investigate, the crooks sneak in by using remote access portals that you opened up for legitimate purposes but then forgot to secure properly.


News URL

https://nakedsecurity.sophos.com/2020/02/07/robbin-hood-the-ransomware-that-brings-its-own-bug/