Login

Register

Login

Register

RobbinHood Ransomware Update: Sophos Identifies New Attacks

Sophos investigates RobbinHood ransomware attacks in which cybercriminals use a digitally signed hardware driver to delete security products from computers.

Sophos, a cybersecurity software provider, is investigating RobbinHood ransomware attacks in which cybercriminals use a digitally signed hardware driver to delete endpoint security products from computers. The RobbinHood attacks allow cybercriminals to subvert a setting in kernel memory on Windows 7, Windows 8 and Windows 10 to bypass endpoint protection software and encrypt files.

During the RobbinHood attacks, cybercriminals use a gigabyte driver as a wedge that allows them to load a second, unsigned driver into Windows, Sophos stated. This driver then destroys endpoint security product processes and files that enable the ransomware to attack without interference.

RobbinHood previously was used in last year’s Baltimore ransomware attack. Cybercriminals deployed the malware across Baltimore’s servers and government applications and demanded about $100,000 in Bitcoin to unlock hijacked files.

How to Guard Against RobbinHood Attacks

Sophos recommends a three-prong approach to guard against RobbinHood attacks:

  1. Use Threat Protection Tools to Disrupt the Entire Attack Chain: Deploy a wide range of security technologies to combat cyberattacks at different stages.
  2. Leverage Security Best Practices: Use multi-factor authentication (MFA), manage access to databases and systems and deploy other security best practices.
  3. Provide Training: Teach employees about RobbinHood and other types of cyberattacks and ensure that they understand how to identify these attacks in their early stages.

MSPs and MSSPs also can help organizations combat RobbinHood ransomware attacks and other cyberattacks. To do so, MSPs and MSSPs can partner with organizations, evaluate their security posture and offer security services and solutions to help them minimize risk.


Return Home

Source

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App

 https://apps.apple.com/us/app/id1521390354

https://play.google.com/store/apps/details?id=nationalcybersecuritycom.wpapp


NATIONAL CYBER SECURITY RADIO
[spreaker type=player resource="show_id=4560538" width="100%" height="550px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]
HACKER FOR HIRE MURDERS
 [spreaker type=player resource="show_id=4569966" width="100%" height="350px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]

ALEXA “OPEN NATIONAL CYBER SECURITY RADIO”

National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.   

nationalcybersecurity.com

FREE
VIEW