According to Cloudsek, a new ransomware has been discovered in India that requires victims to donate new clothes to the homeless, feed children in branded pizza restaurants, and provide financial assistance to anyone who requires urgent medical attention but cannot afford it. The company also warned that the Goodwill ransomware could cause temporary, and possibly permanent, data loss, as well as a possible shutdown of the company’s operations and revenue loss.
“GoodWill ransomware was identified by CloudSEK researchers in March 2022. As the threat group’s name suggests, the operators are allegedly interested in promoting social justice rather than conventional financial reasons,” Clousek stated in a report.
When infected, the GoodWill ransomware worm encrypts documents, photos, videos, databases, and other important files, rendering them inaccessible unless the decryption key is provided.
In exchange for the decryption key, the actors propose that victims accomplish three socially motivated activities: donate new clothes to the homeless, record the action, and post it on social media, and take about 5 less fortunate children to Dominos Pizza Hut or KFC for a treat, take images and videos, and post it on social media, as well as provide monetary support to anybody who needs urgent medical attention but cannot afford it, at a nearby hospital, record audio, and share it with the actors.
Once all three activities are completed, the ransomware requests that victims post a note on social media (Facebook or Instagram) about how they transformed themselves into kind human beings by becoming victims of the GoodWill ransomware.
After completing all three activities, the ransomware operators validate the victim’s media files and social media posts.
The actor will then distribute the entire decryption kit, which includes the main decryption tool, a password file, and a video tutorial on how to recover all critical files.