This version of RobinHood doesn't steal from the rich and give to the poor. He just ruins your day. If you don't believe me, just ask the City of Baltimore, which was legitimately ROCKED last year when it infected their systems and cost the Crab Cake Capital of the World (honestly, they call themselves that) $18.2 million.
That's a whole lot of crab cakes.
How does RobinHood work?
Well, it's not with a band of merry men. This lovely piece of code allows attackers to undermine kernel memory in Windows 7, 8 and 10 to bypass endpoint protection software and encrypt files.
The ransomware acts as a wedge and gives the attackers the ability to load a second, unsigned driver into Windows. This driver obliterates the endpoint's security product (including processes and files) and allows the ransomware to run without being hindered.
How to defend against RobinHood?
It's much easier to tell you what a piece of ransomware does than it is to tell you how to protect yourself against it.
First and foremost, keep your systems patched and updated. Any door you close will make you safer, though unfortunately it never seems like we're able to keep them closed for long.
Second, just because RobinHood's been leveraged to disable and destroy endpoint protection software doesn't mean that type of software can't detect and stop it in the first place.
Third, educate your end-users on topics like ransomware. The biggest vulnerability is an uneducated workforce that doesn't know the danger or how to react when they see something they're unsure of. An educated end-user could be your best and most effective means of defense.
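To make the second point concrete, here is an added example (not from the original post or from any vendor's product) that scans Sysmon "Driver loaded" events (Event ID 6) for drivers that are unsigned or whose signature did not validate, which is the kind of load described above. It assumes Sysmon is deployed with driver-load logging; the host name, file names and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
DRIVER_LOAD = "6"  # Sysmon "Driver loaded" event ID

# Constructed sample records (hypothetical host and file names), shaped like
# `wevtutil qe Microsoft-Windows-Sysmon/Operational /f:xml /e:Events` output
# and reduced to the fields used here.
_TEMPLATE = (
    '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
    "<System><EventID>{eid}</EventID><Computer>WS-01</Computer></System>"
    '<EventData><Data Name="ImageLoaded">{image}</Data>'
    '<Data Name="Signed">{signed}</Data>'
    '<Data Name="SignatureStatus">{status}</Data></EventData></Event>'
)
_ROWS = [
    ("6", r"C:\Windows\System32\drivers\vendor_ok.sys", "true", "Valid"),
    ("6", r"C:\Users\Public\placeholder_a.sys", "false", "Unavailable"),
    ("6", r"C:\Windows\Temp\placeholder_b.sys", "true", "Revoked"),
    ("7", r"C:\Users\Public\placeholder_c.dll", "false", "Unavailable"),  # DLL load, not a driver
]
SAMPLE_EVENTS = "<Events>" + "".join(
    _TEMPLATE.format(eid=e, image=i, signed=s, status=t) for e, i, s, t in _ROWS
) + "</Events>"


def event_fields(event):
    """Flatten one event into a dict: EventID, Computer and every named Data value."""
    fields = {d.get("Name"): (d.text or "") for d in event.iterfind("e:EventData/e:Data", NS)}
    fields["EventID"] = event.findtext("e:System/e:EventID", "", NS)
    fields["Computer"] = event.findtext("e:System/e:Computer", "", NS)
    return fields


def suspicious_driver_loads(xml_text):
    """Return (computer, driver path, reason) for each driver load that is
    unsigned or whose signature did not validate."""
    findings = []
    for event in ET.fromstring(xml_text).iterfind("e:Event", NS):
        f = event_fields(event)
        if f["EventID"] != DRIVER_LOAD:
            continue  # only kernel driver loads are of interest here
        if f.get("Signed", "").lower() != "true":
            reason = "unsigned"
        elif f.get("SignatureStatus") != "Valid":
            reason = "signature " + (f.get("SignatureStatus") or "status missing").lower()
        else:
            continue  # signed and valid: nothing to report
        findings.append((f["Computer"], f.get("ImageLoaded", ""), reason))
    return findings


if __name__ == "__main__":
    for finding in suspicious_driver_loads(SAMPLE_EVENTS):
        print(*finding, sep=" | ")
```

Forward these events to a central log store so the record survives even if the endpoint's own security tooling is later disabled.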