A threat actor has announced the release of critical C2 (command-and-control) tools used by the RobbinHood ransomware group, whose tooling was upgraded to version 2.0 in 2020. According to the actor, during an attack on a government target the RobbinHood operators neglected to clean up their shadow files, leaving sensitive information behind on the compromised system.
The threat actor states that the leak contains sensitive data, including information from victims and the ransomware group’s Monero (XMR) and Bitcoin (BTC) cryptocurrency addresses, tools, fake file hosters, and domain details.
Key Details of the Leak:
- Target Audience: The actor addresses the leak to law enforcement (“feds”), security researchers, and even those interested in malicious activity.
- Purpose: The actor claims the leak serves as a message to governments that “play the good person role,” highlighting their dissatisfaction with certain actions by government entities.
- File Contents: The files total approximately 130 MB uncompressed (11.3 MB as a 7z archive) and include IDS/IPS logs and other operational details.
- Sensitive Data: The leak allegedly contains sensitive data such as victim information, ransomware group cryptocurrency addresses, tools, and hosting domains used by the group.