As it turns out, Yemen has its own version of RobinHood too! But what is this version of RobinHood?
RobinHood ransomware is a malicious Trojan infection that can hold your files hostage. This malware harasses its victims under the pretense of raising awareness, fighting against new Yemen’s prince Mohammed bin Salman, and raising funds for the people of Yemen. However, don’t be deceived: RobinHood ransomware is nothing like the Robin Hood you know. Unlike the real Robin Hood, its interests lie not with the people of Yemen but with its developers only. Its developers are evidently a group of hackers who are only after what’s in your pockets.
Despite its pretentious front, this virus is just like other ransomware infections. It infiltrates your computer, encrypts your files, and demands a ransom payment in exchange for the decryption key to recover them. The demands are contained in a text file named READ_IT.txt that displays the following message:
“HELP YEMEN
Bin Salman of Saudi Arabia is Killing poor and innocent people of Yemen by bombing, creating famine and disease!
You as a Saudian or a Supporter of their activities, are partner of his homicide. So you have been subjected to a ransomware attack and must accept one of the following:
- a) Giving up all your information
- b) Pay five Bitcoins to help Yemeni people.
bitcoin address = 1ENn1BelaKXBotiGuAFE1Yrin3e3vBjUAQH
and send transaction link to: [email protected]
- c) Use Tweeter to condemn Bin Selman for his crimes and ask him to stop the war against Yemen and make 100 users to retweet.”
How does RobinHood ransomware spread?
Ransomware infections reach computers in many ways. The most common is a malicious spam email campaign in which the infected file used to infiltrate your computer is sent as an attachment. Usually, these emails are disguised as something that would pique your curiosity, to trick you into opening the email and downloading its attachment. That’s why it’s always recommended to be cautious and never rush into opening any suspicious-looking emails. Aside from spam emails, the following are other techniques used by cyber crooks to infect your computer:
- Fake software and software updates
- Exploit kits
- Malvertising
Although this parasite seems to spread mainly in Saudi Arabia, it has also reached other parts of the world, such as Portugal, Japan and even the United Kingdom. In other words, it can reach your computer if you’re not careful enough when navigating the jungle that is the internet.
Eliminate RobinHood ransomware using the complete set of instructions below in order to continue using your computer safely. Keep in mind that ransomware often spreads in a bundle with other types of malicious infection.
Step 1: Open Windows Task Manager by pressing Ctrl + Shift + Esc at the same time.
Step 2: Go to the Processes tab, look for RobinHood ransomware’s process or any other suspicious processes, and end them.
Step 3: Open Control Panel by pressing the Windows key + R, then type in appwiz.cpl and then click OK or press Enter.
Step 4: Look for RobinHood Ransomware or any suspicious program and uninstall it.
Step 5: Hold down Windows + E keys simultaneously to open File Explorer.
Step 6: Go to the directories listed below, look for ROBINHOOD-TIMER.exe, luncher.exe and updater.exe, and delete them along with any other suspicious files related to RobinHood ransomware.
- %USERPROFILE%\Downloads
- %USERPROFILE%\Desktop
- %TEMP%
Step 7: Press Win + R, type in %SYSTEMROOT%\System32\taskschd.msc and then click OK.
Step 8: Look for MicrosoftSErvices point of execution and delete it.
Step 9: Delete the ransom note from your computer.
Step 10: Try to recover your encrypted files.
Restoring your encrypted files using Windows’ Previous Versions feature will only be effective if the RobinHood Ransomware hasn’t deleted the shadow copies of your files. Still, this is one of the best free methods there is, so it’s definitely worth a shot.
To restore an encrypted file, right-click on it and select Properties. In the window that opens, go to the Previous Versions tab, which loads the versions of the file saved before it was modified. After it loads, select any of the previous versions displayed on the list, like the one in the illustration below, and then click the Restore button.
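The manual checks in Steps 6 to 10, gathered into one read-only PowerShell triage script (an added example, not part of the original guide). It assumes MicrosoftSErvices is the scheduled task's name and that the ransom note may sit anywhere under the user profile; it reports what it finds and deletes nothing.

```powershell
# Added example: read-only triage for the artifacts named in this guide.
# Run from an elevated PowerShell session so the shadow-copy query is permitted.
$fileNames = 'ROBINHOOD-TIMER.exe', 'luncher.exe', 'updater.exe'   # Step 6
$noteName  = 'READ_IT.txt'                                         # ransom note
$taskName  = 'MicrosoftSErvices'   # Step 8; assumed to be the task's name
$folders   = @(
    (Join-Path $env:USERPROFILE 'Downloads'),
    (Join-Path $env:USERPROFILE 'Desktop'),
    $env:TEMP
)

function Find-NamedFile {
    # Returns path, timestamp and SHA-256 of files whose name is in $Name.
    param([string[]]$Path, [string[]]$Name, [switch]$Recurse)
    foreach ($dir in $Path) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -File -Force -Recurse:$Recurse -ErrorAction SilentlyContinue |
            Where-Object { $Name -contains $_.Name } |
            ForEach-Object {
                $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Path     = $_.FullName
                    Modified = $_.LastWriteTime
                    SHA256   = $hash.Hash   # empty if the file is locked
                }
            }
    }
}

Write-Output '--- Executables from Step 6 ---'
Find-NamedFile -Path $folders -Name $fileNames | Format-List

Write-Output '--- Ransom notes under the user profile (assumed location) ---'
Find-NamedFile -Path $env:USERPROFILE -Name $noteName -Recurse | Format-List

Write-Output '--- Scheduled tasks matching the name from Step 8 ---'
Get-ScheduledTask -ErrorAction SilentlyContinue |
    Where-Object { $_.TaskName -like "*$taskName*" } |
    ForEach-Object {
        [pscustomobject]@{
            Task    = $_.TaskPath + $_.TaskName
            State   = $_.State
            Execute = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
        }
    } | Format-List

# Previous Versions (Step 10) only works if shadow copies still exist.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)
Write-Output "--- Shadow copies present: $($shadows.Count) ---"
```

Recording the SHA-256 values before deleting anything keeps a reference for checking other machines or for submitting to a scanning service.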
Follow the continued advanced steps below to ensure the removal of the RobinHood Ransomware:
Perform a full system scan using SpyRemover Pro.
- Turn on your computer. If it’s already on, you have to reboot.
- After that, the BIOS screen will be displayed; if Windows starts instead, reboot your computer and try again. Once you’re on the BIOS screen, press F8 repeatedly until the Advanced Option shows up.
- To navigate the Advanced Option use the arrow keys and select Safe Mode with Networking then hit
- Windows will now load the Safe Mode with Networking.
- Press and hold both the R key and the Windows key.
- If done correctly, the Windows Run Box will show up.
- Type in explorer http://www.fixmypcfree.com/install/spyremoverpro
A single space must be in between explorer and http. Click OK.
- A dialog box will be displayed by Internet Explorer. Click Run to begin downloading SpyRemover Pro. Installation will start automatically once download is done.
- Click OK to launch SpyRemover Pro.
- Run SpyRemover Pro and perform a full system scan.
- After all the infections are identified, click REMOVE ALL.
- Register SpyRemover Pro to protect your computer from future threats.
How to Remove RobinHood Ransomware
- Press Ctrl+Shift+Esc and Task Manager will open.
- Open the Processes tab and highlight suspicious processes.
- Press the End Process button.
- Delete the ROBINHOOD-TIMER.exe file from the directory where you executed the malware.
- Press Win+R and type %TEMP%. Click OK.
- Delete the luncher.exe and updater.exe files.
- Press Win+R and type %SYSTEMROOT%\System32\taskschd.msc. Press OK.
- Delete the MicrosoftSErvices point of execution.
- Remove the ransom note from your PC.
- Scan your system with a reliable antispyware tool.