First and foremost, they stress that there’s no public decryption tool currently available to recover files encrypted by RobbinHood and that they are monitoring the situation to make sure that the company impacted by the malware does not contact law enforcement. Any attempt to do so “will damage your files,” the warning reads.
Those two recent additions are bad enough on their own, but the hackers took an additional step. They are now directing victims to a web search highlighting an incident that occurred in Greenville, North Carolina, and another that impacted servers in the city of Baltimore.
RobbinHood was used in both attacks, and while the ransoms demanded in both cases weren’t excessive (less than $100,000 was initially demanded), the aftershocks arising from those attacks wound up costing the city millions. In fact, according to CBS Baltimore, the city “put more than $18 million into the attack.”
Clearly, the recent changes to the ransom note used by the attackers are aimed at convincing those impacted by their malware to pay up and keep quiet. How well that will ultimately work remains to be seen, but at this point, the hackers are correct: there is no public decryption tool.
What they don’t mention, of course, is the fact that paying the ransom isn’t the only way to recover encrypted files. If your company is in the habit of making good, complete backups at regular intervals, then a ransomware attack doesn’t have to be devastating. With a proper, timely response, it could be little more than an inconvenience. Naturally, the hackers don’t want to draw attention to this, but it is something you and your IT staff should keep very much in mind.