What is Robin Hood And Family ransomware? And how does it execute its attack?
Robin Hood And Family ransomware is not a typical ransomware infection. Instead of encrypting the data it targets, it deletes the files outright, which is why it is also classed as a “wiper”. It then leaves a threatening message about lost pictures, documents, and other important files. Once it has deleted the targeted files on a computer, you will see this message on your screen:
“So, what the f*ck just happened!!!???
You are hacked! In the past few hours, days, weeks or even months(who knows how long) we have backed up all data from your computer. After that, well, we permanently deleted all your files. And no, you can’t restore data from recycle bin.
How to retrieve your data? It’s very easy, you have to pay 0.1 BTC (Bitcoin) to the following BITCOIN ADDRESS:
1CncuQzDP86vEpS3un8R7BT2yiEgUCpkQg
Note: Be careful with uppercase and lowercase letters in the address.
After payment send the code Pml2N6nHjK to the following email address: [email protected]
The code Pml2N6nHjK is a unique ID of your computer.
After we receive 0.1 Bitcoin we will send you via email web address and login parameters where you can download your data.
Don’t worry, we are taking care of our reputation.
Best regards,
Robin Hood and family”
This intimidating message is contained in a text file named “YOU ARE HACKED- READ ME.txt”. It states that the files on your computer have been deleted, and the crooks claim that they hold backup copies on their server that you can access only by paying the ransom. The malware demands a ransom of 0.1 Bitcoin, but paying it is definitely not advised: it is highly possible that the crooks do not have the backup copies they claim, and even if they do, chances are they will simply ignore you once they receive the payment. Thus, you have to wipe out this ransomware threat from your system before it can delete further files on your computer.
How is the malicious payload of Robin Hood And Family ransomware disseminated online?
The malicious payload of Robin Hood And Family ransomware may be disseminated through spam emails. Crooks favor this common distribution method because it is a proven technique: once a user downloads and opens the infected attachment in the email, a threat like Robin Hood And Family ransomware is installed on the system right away.
Refer to the removal guide provided below to remove Robin Hood And Family ransomware and its malicious components from your system.
Step 1: Restart your PC and boot into Safe Mode with Command Prompt by pressing F8 a couple of times until the Advanced Options menu appears.
Step 2: Navigate to Safe Mode with Command Prompt using the arrow keys on your keyboard. After selecting Safe Mode with Command Prompt, hit Enter.
Step 3: After the Command Prompt has loaded, type cd restore and hit Enter.
Step 4: After cd restore, type in rstrui.exe and hit Enter.
Step 5: When the new window appears, click Next.
Step 6: Select any of the Restore Points on the list and click Next. This will restore your computer to its previous state before being infected with the Robin Hood And Family Ransomware. When the dialog box appears, click Yes.
Step 7: After System Restore has been completed, try to enable the disabled Windows services.
- Press Win + R keys to launch Run.
- Type in gpedit.msc in the box and press Enter to open Group Policy.
- Under Group Policy, navigate to:
- User Configuration\Administrative Templates\System
- After that, open Prevent access to the command prompt.
- Select Disabled to re-enable cmd.
- Click the OK button.
- After that, go to:
- Configuration\Administrative Templates\System
- Double click on the Prevent Access to registry editing tools.
- Choose Disabled and click OK.
- Navigate to:
- User Configuration\Administrative Templates\System\Ctrl+Alt+Del Options
- Double click on Remove Task Manager.
- And then set its value to Disabled.
Step 8: Open Task Manager by pressing Ctrl + Shift + Esc at the same time. Proceed to the Processes tab and look for the malicious processes of Robin Hood And Family Ransomware and end them all.
Step 9: Open Control Panel by pressing the Windows key + R to launch Run, typing appwiz.cpl in the box and clicking OK to open the list of installed programs. From there, look for Robin Hood And Family ransomware or any malicious program and then Uninstall it.
Step 10: Tap the Windows + E keys to open File Explorer, then navigate to the following directories and delete the malicious files created by Robin Hood And Family ransomware in each directory, such as the text file named YOU ARE HACKED- READ ME.txt.
- C:\Users\(your pcname)\AppData\Roaming
- %TEMP%
- %USERPROFILE%\Downloads
- %USERPROFILE%\Desktop
Step 11: Close the File Explorer.
Before you proceed to the next steps below, make sure that you are tech savvy enough to know exactly how to use and navigate your computer’s Registry. Keep in mind that any changes you make will highly impact your computer. To save you the trouble and time, you can just use [product-name]; this system tool is proven to be safe and excellent enough that hackers won’t be able to hack into it. But if you can manage Windows Registry well, then, by all means, go on to the next steps.
Step 12: Tap Win + R to open Run, type regedit in the field and tap Enter to pull up Windows Registry.
Step 13: Navigate to the paths listed below and delete all the registry values added by Robin Hood And Family ransomware.
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization
- HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaveTimeOut
- HKEY_CURRENT_USER\Control Panel\Desktop
Step 14: Close the Registry Editor and empty your Recycle Bin.
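The checks in Steps 7, 10 and 13 can be run as one read-only PowerShell pass before anything is deleted by hand. This is an added example, not part of the original guide; the policy value names (DisableCMD, DisableRegistryTools, DisableTaskMgr) and their registry paths do not appear on this page and are the standard values behind the three Group Policy settings in Step 7.

```powershell
# Added example: read-only triage for Steps 7, 10 and 13. Nothing is deleted or changed.
$noteName = 'YOU ARE HACKED- READ ME.txt'   # ransom note file name quoted on this page

# Step 10 directories, resolved for the current user (missing ones are skipped).
$dirs = @($env:APPDATA, $env:TEMP,
          (Join-Path $env:USERPROFILE 'Downloads'),
          (Join-Path $env:USERPROFILE 'Desktop')) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# Step 13 autorun keys: Run and RunOnce for the machine and the current user.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

# Step 10: find copies of the ransom note.
$notes = foreach ($d in $dirs) {
    Get-ChildItem -LiteralPath $d -Filter $noteName -File -Recurse -Force -ErrorAction SilentlyContinue
}

# Step 13: list every autorun value; mark commands that launch from a Step 10 directory.
# The mark is a prompt for review, not a verdict: legitimate software also starts from AppData.
$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        $inUserDir = [bool]($dirs | Where-Object {
            $cmd.IndexOf($_, [StringComparison]::OrdinalIgnoreCase) -ge 0 })
        [pscustomobject]@{ Key = $key; Name = $name; Command = $cmd; FromStep10Dir = $inUserDir }
    }
}

# Step 7: registry values behind the three Group Policy settings (names are not from the page).
$polBase = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$policies = @{ DisableCMD = 'HKCU:\Software\Policies\Microsoft\Windows\System'
               DisableRegistryTools = $polBase; DisableTaskMgr = $polBase }.GetEnumerator() |
    ForEach-Object {
        $v = (Get-ItemProperty -LiteralPath $_.Value -Name $_.Key -ErrorAction SilentlyContinue).($_.Key)
        [pscustomobject]@{ Policy = $_.Key; Value = $v; Restricted = ($null -ne $v -and $v -ne 0) }
    }

$notes    | Select-Object FullName, LastWriteTime | Format-Table -AutoSize
$autoruns | Sort-Object FromStep10Dir -Descending | Format-List
$policies | Format-Table -AutoSize
```

A True in FromStep10Dir only means the command path lies in one of the Step 10 directories, so review each entry before deleting it in Step 13.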
After you’re done with the steps given above, you need to continue the Robin Hood And Family ransomware removal process using a reliable program like [product-name]. How? Follow the advanced removal steps below.
Perform a full system scan using [product-code]. To do so, follow these steps:
- Turn on your computer. If it’s already on, you have to reboot.
- After that, the BIOS screen will be displayed, but if Windows pops up instead, reboot your computer and try again. Once you’re on the BIOS screen, press F8 repeatedly until the Advanced Option shows up.
- To navigate the Advanced Option use the arrow keys and select Safe Mode with Networking then hit
- Windows will now load Safe Mode with Networking.
- Press and hold both the R key and the Windows key.
- If done correctly, the Windows Run Box will show up.
- Type in the URL address, [product-url] in the Run dialog box and then tap Enter or click OK.
- After that, it will download the program. Wait for the download to finish and then open the launcher to install the program.
- Once the installation process is completed, run [product-code] to perform a full system scan.