Delete Robm ransomware

Robm ransomware is a generic file-encrypting malware from the notorious Djvu/STOP ransomware family. It’s a dangerous piece of malware that will essentially take your personal files hostage and demand payment for a decryptor. The group operating this ransomware is notorious for releasing ransomware versions on a regular basis. The versions are more or less identical to another but can be differentiated by the extensions they add to encrypted files. For example, this ransomware adds .robm, hence why it’s known as Robm ransomware. Unfortunately, files cannot be decrypted unless you have a very specific decryptor, which is at the hands of the people operating this ransomware. And they will not just give it to you.

 

 

Robm ransomware is essentially identical to Iisa, Pqgs, Utjg, and Futm. They all target the same types of files, just like any other ransomware. All your personal files, including photos, videos, images, documents, etc., will be encrypted because those are the files you will likely be most willing to pay for. The encrypted files will have an extension added to them, .robm in this case. For example, an encrypted image.jpg file would look like this, image.jpg.robm. You will not be able to open any of the files with this extension unless you first run them through a decryptor. However, the decryptor is not freely available, you would need to pay for it.

File encryption will begin as soon as you initiate the malicious file. While it’s encrypting files, the ransomware will show a fake Windows update window. And once file encryption is fully completed, you will find a _readme.txt ransom note in all folders that contain encrypted files. The note is pretty generic and explains how to acquire the decryptor. Unfortunately, it involves paying a ransom. The regular price for the decryptor is $980 but according to the note, people who contact the ransomware operators within the first 72 hours would receive a 50% discount. Whether that is true or not, paying the ransom is usually not recommended for a couple of reasons. One of the main reasons why paying the ransom is risky is that it does not guarantee file decryption. What you need to keep in mind is that you are dealing with cybercriminals who are unlikely to feel any kind of obligation to help you even if you pay. Unfortunately, many users did not receive a decryptor after paying in the past, and that could happen to you as well. Users paying the ransom is also why ransomware is so common. As long as users continue paying, ransomware will remain. In the end, whether you pay the ransom or not is your decision but you need to be aware of the risks in order to make an informed decision.

If you have a backup, recovering files should not cause any issues as long as you first remove Robm ransomware from the computer. Make sure to use anti-virus software for Robm ransomware removal because if you try to do it manually, you could end up missing something. If some parts of the ransomware remain, it may be able to recover. And if you access your backup while the ransomware is still present, your backed-up files would become encrypted as well. Thus, the use of anti-virus software is strongly recommended.

If you were not backing up files prior to the infection, your only option may be to wait for a free decryptor to become available. There is a free Djvu/STOP decryptor by Emsisoft but, unfortunately, it will not work on Djvu/STOP versions released after 2019. The fact that this ransomware uses online keys to encrypt files makes it very difficult to develop a working decryptor because the keys are unique to each victim. Unless those keys are released, it’s unlikely that a free Robm ransomware decryptor will become available. However, it’s not impossible that either the cyber crooks themselves or law enforcement will eventually release the keys or a free decryptor, so back up encrypted files and occasionally check NoMoreRansom.

Ransomware distribution methods

One of the most common ways users end up with ransomware is via malicious email attachments, or otherwise known as malspam. It’s a very basic method that involves malicious actors purchasing thousands of email addresses and sending them low-effort malspam with malicious attachments. In most cases, the emails are of very poor quality, which makes them very obvious. This works in users’ favor because they can detect malicious emails if they know what to look for. One of the main signs of a malicious email is grammar/spelling mistakes in emails that are supposedly sent by companies whose services you use. Legitimate emails will rarely contain mistakes because it looks unprofessional but malspam is full of them. So if you see very obvious mistakes, you should be suspicious. Another thing to look out for is how you are addressed in emails. If the sender claims to be from a company whose services you use but you are addressed in generic terms like “User”, “Member”, “Customer”, etc., be suspicious. You likely noticed that legitimate senders always address you by your name. If you notice these signs, or if something about an email feels off, you should be very careful with attachments. We should also mention that some malspam emails are more sophisticated when they target someone specific. This is why it’s always recommended to scan email attachments with either anti-virus software or VirusTotal.

If you are a torrent user and use it to download copyrighted content for free, you have a risk of infecting your computer with malware. Torrent sites are quite poorly moderated a lot of the time, which allows cyber crooks to upload malicious content. So not only is pirating copyrighted content essentially stealing, but it’s also dangerous for the computer.

Robm ransomware removal

When it comes to ransomware, it’s never recommended to remove it manually because it’s a complex infection. Thus, use anti-virus software to delete Robm ransomware from your computer. Your anti-virus should take care of everything. Once you fully remove Robm ransomware, you can access your backup to start recovering files.