What is RobbinHood Ransomware
RobbinHood ransomware is a fairly large-scale cryptovirus, which in a short period of time managed to harm users around the globe. Like similar threats, RobbinHood ransomware comes unnoticed by the user, and then immediately encrypts data in the system. It can be audio, video, archives, office documents and much more. Needless to say, such files are very important for most users. Also, scenarios are not excluded when RobbinHood ransomware hits working computers on which important data of reports, summaries and other things are stored. Be that as it may, the crypto-ransomware chooses file categories for a reason.
Initially, RobbinHood ransomware was aimed at users who speak English, however, judging by our data, RobbinHood ransomware even penetrated where English is not spoken at all. The virus became active at the junction of January and February 2020. In addition to encryption, RobbinHood ransomware changes the file extensions to .enc_robbin_hood, after which the data becomes unusable. Also, RobbinHood ransomware creates a special file that serves as a note from intruders. Here’s what it looks like:
What happened to your files?
All your files are encrypted with RSA-4096, Read more on https://en.wikipedia.org/wiki/RSA_(cryptosystem)
RSA is an algorithm used by modern computers to encrypt and decrypt the data. RSA is an asymmetric cryptographic algorithm. Asymmetric means that there are two different keys. This is also called public key cryptography, because one of the keys can be given to anyone:1 – We encrypted your files with our “Public key”
2 – You can decrypt, the encrypted files with specific “Private key” and your private key is in our hands ( It’s not possible to recover your files without our private key )Is it possible to get back your data?
Yes, We have a decrypter with all your private keys. We have two options to get all your data back.
Follow the instructions to get all your data back:OPTION 1
Step 1 : You must send us 3 Bitcoin(s) for each affected system
Step 2 : Inform us in panel with hostname(s) of the system you want, wait for confirmation and get your decrypter
OPTION 2
Step 1 : You must send us 7 Bitcoin(s) for all affected system
Step 2 : Inform us in panel, wait for confirmation and get all your decryptersOur Bitcoin address is: xxxxxxxxxxx
BE CAREFUL, THE COST OF YOUR PAYMENT INCREASES $10,000 EACH DAY AFTER THE FOURTH DAY
Access to the panel ( Contact us )
The panel address: http://xbt4titax4pzza6w.onion/xxxx/Alternative addresses
https://xbt4titax4pzza6w.onion.pet/xxxx/
https://xbt4titax4pzza6w.onion.to/xxxx/
Access to the panel using Tor Browser
If non of our links are accessible you can try tor browser to get in touch with us:
Step 1: Download Tor Browser from here: https://www.torproject.org/download/download.html.en
Step 2: Run Tor Browser and wait to connect
Step 3: Visit our website at: panel addressIf you’re having a problem with using Tor Browser, Ask Google: how to use tor browser
Wants to make sure we have your decrypter?
To make sure we have your decrypter you can upload at most 3 files (maximum size allowance is 10 MB in total) and get your data back as a demo.
Where to buy Bitcoin?
The easiest way is LocalBitcoins, but you can find more websites to buy bitcoin using Google Search: buy bitcoin online
As for the requirements, the scammers are already following the working scheme. Attackers require a ransom payment within 4 days from the moment of encryption, and the price can vary from 3 to 7 bitcoins, depending on the number of systems attacked. Moreover, they intimidate users with the fact that after 4 days the amount will increase by 10 thousand dollars daily. Surely, many are willing to pay this huge amount of money. DO NOT HURRY! There is no guarantee that your files will be truly decrypted, even if you pay the ransom in full. We strongly recommend that you remove RobbinHood ransomware first, as the cryptovirus is dangerous as long as it is on your system. You will also find instructions below to decrypt .enc_robbin_hood files.
Well, there are 2 options for solving this problem. The first is to use an automatic removal utility that will remove the threat and all instances related to it. Moreover, it will save you time. Or you can use the Manual Removal Guide, but you should know that it might be very difficult to remove RobbinHood ransomware manually without a specialist’s help.
RobbinHood Removal Guide
Remember that you need to remove RobbinHood Ransomware first and foremost to prevent further encryption of your files before the state of your data becomes totally useless. And only after that, you can start recovering your files. Removal must be performed according to the following steps:
- Download RobbinHood Removal Tool.
- Remove RobbinHood from Windows (7, 8, 8.1, Vista, XP, 10) or Mac OS (Run system in Safe Mode).
- Restore .RobbinHood files
- How to protect PC from future infections.
How to remove RobbinHood ransomware automatically:
Thor Home may help you to get rid of this virus and clean up your system. In case you need a proper and reliable antivirus, we recommend you to try it.
Alternative solution – Malwarebytes
This program will find malicious files, hijackers, adware, potentially unwanted programs and will neutralize it. Also, Norton will help you clean your system properly.
If you’re Mac user – use this.
Manual RobbinHood Removal Guide
Here are step-by-step instructions to remove RobbinHood from Windows and Mac computers. Follow these steps carefully and remove files and folders belonging to RobbinHood. First of all, you need to run the system in a Safe Mode. Then find and remove needed files and folders.
Uninstall RobbinHood from Windows or Mac
Here you may find the list of confirmed related to the ransomware files and registry keys. You should delete them in order to remove virus, however it would be easier to do it with our automatic removal tool. The list:
RobbinHood.dll
_readme.txt
readme.txt
Windows 7/Vista:
- Restart the computer;
- Press Settings button;
- Choose Safe Mode;
- Find programs or files potentially related to RobbinHood by using Removal Tool;
- Delete found files;
Windows 8/8.1:
- Restart the computer;
- Press Settings button;
- Choose Safe Mode;
- Find programs or files potentially related to RobbinHood by using Removal Tool;
- Delete found files;
Windows 10:
- Restart the computer;
- Press Settings button;
- Choose Safe Mode;
- Find programs or files potentially related to RobbinHood by using Removal Tool;
- Delete found files;
Windows XP:
- Restart the computer;
- Press Settings button;
- Choose Safe Mode;
- Find programs or files potentially related to RobbinHood by using Removal Tool;
- Delete found files;
Mac OS:
- Restart the computer;
- Press and Hold Shift button, before system will be loaded;
- Release Shift button, when Apple logo appears;
- Find programs or files potentially related to RobbinHood by using Removal Tool;
- Delete found files;
How to restore encrypted files
You can try to restore your files with special tools. You may find more detailed info on data recovery software in this article – recovery software. These programs may help you to restore files that were infected and encrypted by ransomware.
Restore data with Stellar Data Recovery
Stellar Data Recovery is able to find and restore different types of encrypted files, including removed emails.
- Download and install Stellar Data Recovery
- Choose drives and folders with your data, then press Scan.
- Select all the files in a folder, then click on Restore button.
- Manage export location. That’s it!
Restore encrypted files using Recuva
There is an alternative program, that may help you to recover files – Recuva.
- Run the Recuva;
- Follow instructions and wait until scan process ends;
- Find needed files, mark them and Press Recover button;
How to prevent ransomware infection?
It is always rewarding to prevent ransomware infection because of the consequences it may bring. There are a lot of difficulties in resolving issues with encoders viruses, that’s why it is very vital to keep a proper and reliable anti-ransomware software on your computer. In case you don’t have any, here you may find some of the best offers in order to protect your PC from disastrous viruses.
Malwarebytes
SpyHunter is a reliable antimalware removal tool application, that is able to protect your PC and prevent the infection from the start. The program is designed to be user-friendly and multi-functional.