Ransomware GoodWill Detected in India, Makes Victims Donate to Fake Causes: Cloudsek

GoodWill ransomware worm encrypts documents, photos, videos, database, and important files and renders them inaccessible without the decryption key.

By Press Trust of India | Updated: 23 May 2022 10:55 IST

Ransomware GoodWill Detected in India, Makes Victims Donate to Fake Causes: Cloudsek

Photo Credit: Pixabay

Goodwill ransomware could also result in loss of company data

Highlights

GoodWill operators are allegedly interested in promoting social justice
Victims perform three socially driven activities for decryption key
Upon completing all three activities, the operators verify media files

A new ransomware has been detected in India that makes victims donate new clothes to homeless, feed kids in branded pizza outlets and provide financial help to anyone who needs urgent medical attention but cannot afford it, according to digital risk monitoring firm Cloudsek. The company warned that the Goodwill ransomware could also result in temporary, and possibly permanent, loss of company data and a possible shutdown of the company's operations and accompanied revenue loss.

"GoodWill ransomware was identified by CloudSEK researchers in March 2022. As the threat group's name suggests, the operators are allegedly interested in promoting social justice rather than conventional financial reasons," Clousek said in a report.

Once infected, the GoodWill ransomware worm encrypts documents, photos, videos, database, and other important files and renders them inaccessible without the decryption key.

Ransomware Gang Conti Threatens to Overthrow New Costa Rican Government

"The actors suggest that victims perform three socially driven activities in exchange for the decryption key- donate new clothes to the homeless, record the action, and post it on social media, take five less fortunate children to Dominos Pizza Hut or KFC for a treat, take pictures and videos, and post them on social media and provide financial assistance to anyone who needs urgent medical attention but cannot afford it, at a nearby hospital, record audio, and share it with the operators," the report said.

Once all three activities are completed, the ransomware asks victims to write a note on social media (Facebook or Instagram) on "how you transformed yourself into a kind human being by becoming a victim of a ransomware called GoodWill." Upon completing all three activities, the ransomware operators verify the media files shared by the victim and their posts on social media.

The actor will then share the complete decryption kit which includes the main decryption tool, password file and a video tutorial on how to recover all important files, the report said.

US Offers $15 Million Reward for Information on Conti Ransomware Group

"Our researchers were able to trace the email address, provided by the ransomware group, back to an India-based IT security solutions & services company, that provides end-to-end managed security services," the report said.

Should you pick Vivo over Galaxy S22 and OnePlus 10 Pro? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

Affiliate links may be automatically generated - see our ethics statement for details.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.