A new ransomware has been found in India that demands users give new clothes to the underprivileged, feed poor children, and provide financial assistance to deserving patients. Goodwill ransomware could cause data loss in the short term and possibly permanently and business shutdowns or income loss.
“GoodWill ransomware was identified by CloudSEK researchers in March 2022. As the threat group’s name suggests, the operators are allegedly interested in promoting social justice rather than conventional financial reasons,” digital risk monitoring firm Cloudsek said.
GoodWill encrypts crucial documents, images, audio, videos, databases, and other assets, rendering them unavailable unless the decryption key is provided.
“The actors suggest that victims perform three socially driven activities in exchange for the decryption key- donate new clothes to the homeless, record the action, and post it on social media, and take five less fortunate children to Dominos Pizza Hut or KFC for a treat, take pictures and videos, and post them on social media and provide financial assistance to anyone who needs urgent medical attention but cannot afford it, at a nearby hospital, record audio, and share it with the operators,” the report said.
The malware then asks victims to write a note on Facebook or Instagram about “how you changed yourself into a nice human being by becoming a victim of a ransomware called GoodWill.”
The whole decryption toolkit, which includes the main decryption software, password file, and video tutorial on how to recover all important files, will next be released by Goodwill.
“Our researchers were able to trace the email address, provided by the ransomware group, back to an India-based IT security solutions & services company that provides end-to-end managed security services,” the report said.