robinhood
1 incident
1 country
0 sectors
ransomware IR Latest: 2026-06-25
Aliases: HelpYemen
The threat actor referred to as robinhood, often identified in cybersecurity reports by the common misspelling "RobbinHood" with two 'b's, is a ransomware group that first emerged in March 2019. It operates with the primary motivation of financial gain, demanding significant ransom payments in Bitcoin. The group is notable for its tactical focus on exploiting vulnerable systems, particularly within municipal governments and healthcare organizations. A distinguishing characteristic of robinhood is its use of a vulnerable, legitimate Gigabyte kernel driver (gdrv.sys) to disable system security features before deploying its ransomware. While initially perceived as less sophisticated, the group demonstrated an evolution in its attack methodology, employing custom-built ransomware variants often coded in Go (Golang) and later adopting double extortion tactics. The group gained notoriety through high-profile attacks on U.S. cities such as Baltimore and Greenville, North Carolina. While the f
RansomLook pivots
Data, intelligence and external references for cross-checking the actor's ransomware activity.
Target countries (SOCRadar)
Afghanistan
Spain
United States
South Africa
Target sectors (SOCRadar)
Energy & Utilities
Manufacturing
Finance
Professional & Technical Services
Enterprises & Holding
Educational Services
HealthCare & Social Assistance
Other
Public Administration
Data Processing Services
New URLs detected in IntelTracker