Remove Enc_robinhood Ransomware Virus

How to Remove Enc_robinhood Ransomware?

Readers recently started to report the following message being displayed when they boot their computer:

What happened to your files?
All your files are encrypted with RSA-4096, Read more on https://en.wikipedia.org/wiki/RSA_(cryptosystem)
RSA is an algorithm used by modern computers to encrypt and decrypt the data. RSA is an asymmetric cryptographic algorithm. Asymmetric means that there are two different keys. This is also called public key cryptography, because one of the keys can be given to anyone:
1 – We encrypted your files with our “Public key”
2 – You can decrypt, the encrypted files with specific “Private key” and your private key is in our hands ( It’s not possible to recover your files without our private key )

Is it possible to get back your data?
Yes, We have a decrypter with all your private keys. We have two options to get all your data back.
Follow the instructions to get all your data back:
OPTION 1
Step 1 : You must send us 0.8 Bitcoin(s) for each affected system
Step 2 : Inform us in panel with hostname(s) of the system you want, wait for confirmation and get your decrypter
OPTION 2
Step 1 : You must send us 13 Bitcoin(s) for all affected system
Step 2 : Inform us in panel, wait for confirmation and get all your decrypters
Our Bitcoin address is: 132wg6kkJJ4MpNKnuhVoptYPmYHf6C5xHE
BE CAREFUL, THE COST OF YOUR PAYMENT INCREASES $10,000 EACH DAY AFTER THE FOURTH DAY

Access to the panel ( Contact us )
The panel address: http://xbt4titax4pzza6w.onion/EvcNuvq4gckb/
Alternative addresses
https://xbt4titax4pzza6w.onion.pet/EvcNuvq4gckb/
https://xbt4titax4pzza6w.onion.to/EvcNuvq4gckb/

Access to the panel using Tor Browser
If non of our links are accessible you can try tor browser to get in touch with us:
Step 1: Download Tor Browser from here: https://www.torproject.org/download/download.html.en
Step 2: Run Tor Browser and wait to connect
Step 3: Visit our website at: panel address
If you’re having a problem with using Tor Browser, Ask Google: how to use tor browser

Wants to make sure we have your decrypter?
To make sure we have your decrypter you can upload at most 3 files (maximum size allowance is 10 MB in total) and get your data back as a demo.

Where to buy Bitcoin?
The easiest way is LocalBitcoins, but you can find more websites to buy bitcoin using Google Search: buy bitcoin online


Enc_robinhood is yet another ransomware virus. It is a parasite that sneaks into your computer, spreads its corruption throughout your entire operating system, and corrupts your data. The ransomware is programmed to detect and encrypt user-generated files. Pictures, music, databases, archives, documents – no files are immune. The virus locks your precious data and makes it inaccessible. You can still see the icons of your files, but everything that has the .enc_robinhood extension is unavailable. You can neither view nor edit these files. The ransomware, of course, promises a solution. It drops a ransom note which lists the hackers’ demands. The criminals promise to restore your data in exchange for a hefty ransom paid in Bitcoin. Don’t make a mistake! Don’t open your wallet. You are dealing with experienced manipulators who tend to double-cross their victims. Paying the ransom doesn’t guarantee results. So, don’t rush into action. Take your time and consider your options.

How did I get infected?

Corrupted links, fake updates, malicious bundles, pirated software, spam messages – there are myriad ways for Enc_robinhood to reach your computer. This ransomware has numerous tricks up its sleeve. If you, however, take a close look at them, you’ll realize that they share a common flaw – they all rely on your negligence. Enc_robinhood infects your computer when you give in to naivety and click on a corrupted link, download a malicious attachment, or install a fake update. This virus, just like many other parasites, preys on your gullibility. Your diligence, on the other hand, prevents its tricks from succeeding. So, make the right decision – choose caution over carelessness. Don’t visit shady websites. Download software and updates from reputable (preferably official) sources only. And be very careful with your inbox. Whether it’s an instant message or an email, treat all unexpected messages as potential threats. Always take a minute to verify the senders. If, for example, you receive a message from your bank, go to their official website. Compare the email addresses listed there to the suspicious one. If they don’t match, delete the pretender. You can also enter the suspicious addresses into a search engine. If they were used for shady business, someone might have complained online.


Why is Enc_robinhood dangerous?

Enc_robinhood is a nightmare. This ransomware sneaks into your computer and corrupts everything. It holds your files hostage and corrupts every file you download or create. The virus makes your computer as good as useless and pushes you into paying the ransom. Don’t give in! Don’t pay the ransom! The hackers promise a lot, but they rarely deliver. Practice shows that these criminals tend to ignore the victims once they receive the ransom. There are cases when the victims paid just to be blackmailed for more. There are also instances when the victims received nonfunctional or partly functional decryption tools. What will you do if this happens to you? You can’t ask for a refund. You are dealing with criminals who know what they are doing. The hackers demand Bitcoin – an untraceable currency. No one can help you get your money back once you complete a Bitcoin transaction. So, don’t give in to naivety! Don’t pay the ransom! Such actions will only encourage the hackers to continue with their criminal activities. Consider discarding your files. If you have backups saved on external devices, you can use them to restore your files. Just make sure that the virus is completely removed before you attempt any such operations!

Enc_robinhood Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover Enc_robinhood Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open Task Manager by pressing the CTRL+SHIFT+ESC keys simultaneously.
  • Locate the process of the ransomware. Keep in mind that it usually has a randomly generated file name.
  • Before you kill the process, note its name in a text document for later reference.


  • Locate any suspicious processes associated with the Enc_robinhood encryption virus.
  • Right click on the process
  • Open File Location
  • End Process
  • Delete the directories with the suspicious files.
  • Keep in mind that the process can be hidden and very difficult to detect.

STEP 2: Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

STEP 3: Locate the Enc_robinhood encryption virus startup location

  • Once the operating system loads, press the Windows Logo key and the R key simultaneously to open the Run dialog, then open the Registry Editor (regedit).


Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

  • Delete the value whose display name is: [RANDOM]


  • Then open Windows Explorer, navigate to your %appdata% folder and delete the executable.

Alternatively, you can use the Windows msconfig program to double-check the execution point of the virus. Keep in mind that the names on your machine might be different, as they might be generated randomly; that’s why you should run a professional scanner to identify malicious files.
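The script below is an added example, not part of the original guide: a read-only PowerShell audit of the three Run keys listed above that flags autostart entries whose executable lives in a user profile folder and reports its signature status. Including %localappdata% alongside %appdata% and the executable-path parsing are assumptions of this example; run it as the affected user so HKCU refers to the right profile.

```powershell
# Added example (not from the original page). Read-only: it deletes nothing.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
# The page names %appdata%; %localappdata% is an added assumption.
$userDirs = @($env:APPDATA, $env:LOCALAPPDATA) | Where-Object { $_ }

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }  # Wow6432Node is absent on x86
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        # GetValue() expands REG_EXPAND_SZ; expand again for plain REG_SZ values.
        $command = [Environment]::ExpandEnvironmentVariables([string]$item.GetValue($name))

        # Pull the executable path out of the command line (quoted or unquoted).
        $exe = if ($command -match '^\s*"([^"]+)"') {
            $Matches[1]
        } elseif ($command -match '^\s*(.+?\.(exe|com|scr|bat|cmd))(\s|$)') {
            $Matches[1]
        } else {
            ($command.Trim() -split '\s+')[0]
        }
        if (-not $exe) { continue }                        # empty value, nothing to check

        $inUserDir = [bool]($userDirs | Where-Object {
            $exe.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
        $signature = if (Test-Path -LiteralPath $exe -PathType Leaf) {
            (Get-AuthenticodeSignature -LiteralPath $exe).Status
        } else { 'FileMissing' }

        [pscustomobject]@{
            Key        = $key
            Name       = $name
            Executable = $exe
            InUserDir  = $inUserDir
            Signature  = $signature
        }
    }
}

# Entries that start from a user profile folder and lack a valid signature come first.
$findings |
    Sort-Object @{ Expression = { $_.InUserDir -and $_.Signature -ne 'Valid' }; Descending = $true } |
    Format-Table -AutoSize -Wrap
```

Legitimate software also installs unsigned autoruns under the user profile, so treat the top rows as candidates to compare against the process name noted in STEP 1, not as confirmed malware.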

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, in case that you have one.


  • Method 2: File Recovery Software – Usually, when the ransomware encrypts a file, it first makes a copy of it, encrypts the copy, and then deletes the original. Because of this, you can try to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.
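Before relying on Method 3, it helps to know whether any shadow copy was taken before the files were encrypted. The following PowerShell is an added example, not part of the original guide; it is read-only, must be run from an elevated prompt, and the search root C:\Users and the use of the earliest last-write time as an estimate of when encryption began are assumptions of this example.

```powershell
# Added example (not from the original page). Read-only; run elevated.
$ext  = '.enc_robinhood'   # extension named on this page
$root = 'C:\Users'         # assumption: where user data lives on this machine

# The earliest write time among encrypted files approximates when encryption began.
$encrypted = @(Get-ChildItem -LiteralPath $root -Recurse -File -Force `
                   -Filter "*$ext" -ErrorAction SilentlyContinue)
$firstHit  = ($encrypted | Sort-Object LastWriteTime |
                  Select-Object -First 1).LastWriteTime
'{0} encrypted file(s) under {1}; earliest written: {2}' -f $encrypted.Count, $root, $firstHit

# Map volume GUID paths to drive letters so the report is readable.
$letters = @{}
Get-CimInstance -ClassName Win32_Volume |
    Where-Object DriveLetter |
    ForEach-Object { $letters[$_.DeviceID] = $_.DriveLetter }

$copies = @(Get-CimInstance -ClassName Win32_ShadowCopy)
if (-not $copies) { 'No shadow copies found on this system.' }

$copies | Sort-Object InstallDate | ForEach-Object {
    [pscustomobject]@{
        Drive        = $letters[$_.VolumeName]
        Created      = $_.InstallDate
        # Only a snapshot taken before the first encrypted write can hold clean files.
        PreAttack    = if ($firstHit) { $_.InstallDate -lt $firstHit } else { $null }
        DeviceObject = $_.DeviceObject
    }
} | Format-Table -AutoSize
```

Only rows with PreAttack set to True are worth browsing for recovery; file timestamps can be altered, so treat the result as an estimate.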
