Ransomware
RobbinHood
First seen: 2019-04 • Status: inactive
RobbinHood attacked the city of Baltimore and shut down their computers for weeks. It used a clever trick to disable antivirus.
Overview
RobbinHood notably attacked the city of Baltimore, causing $18 million in damages. It used vulnerable drivers to disable security software.
Also Known As
RobinHood
How It Spreads
- RDP exploitation
- Manual deployment
What It Does
- Kills security software via vulnerable driver
- File encryption
Target Platforms
Windows
Detection Tips
- Monitor for vulnerable driver loading
- Watch for security software termination
MITRE ATT&CK Techniques
T1486, T1068
If You're Infected
1. Block vulnerable drivers