Skip to content
Ransomware group

RobinHood

RobinHood is a ransomware family/group referenced in the provided content as an early example of a bring-your-own-vulnerable-driver (BYOVD) attack.

Profile source: Mallory opens in a new tab

RobinHood

Family profile

RobinHood is a ransomware family/group referenced in the provided content as an early example of a bring-your-own-vulnerable-driver (BYOVD) attack. In February 2020, the RobinHood ransomware group was reported to have weaponized an exploit into an endpoint detection and response (EDR) killer. The content specifically cites RobinHood as an example of ransomware operators using BYOVD techniques to disable security tooling prior to ransomware deployment. It is also listed alongside other malware in discussion of signed kernel drivers as an attack vector into the Windows kernel. The provided material does not include additional high-confidence details on RobinHood’s infection vector, specific targets, associated threat actor attribution beyond the ransomware group name, or indicators of compromise.

Ransomware.live

Operational record

View group record ↗

Reporting

Research mentioning RobinHood

We appreciate you

Derp wouldn't exist without the work these projects do for the security community. We rely on their data sources to improve the quality and depth of what we publish. Thank you, we're genuinely grateful.