According to digital risk monitoring firm CloudSec, a new ransomware has been identified in India that donates new clothes to the homeless, feeds babies at branded pizza outlets and provides financial assistance to anyone who needs emergency medical help but cannot afford it.
The company warns that goodwill ransomware can be temporary, and possibly permanent, to lose company data and shut down the company’s operations, along with revenue loss.
“Goodwill Ransomware was identified by researchers at CloudSE in March 2022. According to the name of the threat group, operators have been accused of promoting social justice rather than conventional financial reasons,” Klosek said in a report.
Once infected, Goodwill Ransomware encrypts worm documents, photos, videos, databases and other important files and does not make them accessible without decryption keys.
“The actors suggest that the victims perform three socially driven activities in exchange for decryption keys – donate new clothes to the homeless, record the action and post it on social media, take five less fortunate children to Domino’s Pizza Hut or KFC for treats, pictures and Take videos, and post them on social media and anyone who needs emergency treatment but can’t afford it, to a nearby hospital, record audio and share it with operators, “the report said.
After the three activities are over, the ransomware asks the victims to write a note on social media (Facebook or Instagram) “How you have transformed yourself into a kind person by being a victim of ransomware called Goodwill.” After completing the three activities, the ransomware operators verify the media files shared by the victims and their posts on social media.
The actor will then share a complete decryption kit that includes the main decryption tool, password files and a video tutorial on how to recover all important files, the report said.
“Our researchers have been able to retrieve the email address provided by the Ransomware Group to an India-based IT security solutions and services company that provides end-to-end managed security services,” the report said.