GoodWill ransomware spotted in India: Beware of this malicious software with good intentions
“GoodWill ransomware was identified by CloudSEK researchers in March 2022. As the name suggests, the operations behind it are said to be in promoting social justice rather than conventional financial reasons,” ClouSEK said in a report.
What does GoodWill ransomware do?
The GoodWill ransomware, once infected, encrypts the victim’s documents, photos, videos, databases, and other important files and makes them inaccessible without a decryption key. Apparently, the actors ask that victims perform three social activities in exchange for the decryption key.
These include taking five less fortunate children to Domino’s, Pizza Hut, or KFC for a treat, taking pictures and videos, and posting them on social media, offer financial support to those who need urgent medical attention (but can’t afford it) by taking them to a nearby hospital, record audio and share with the operators, and donate new clothes to the homeless, record the action, and post it on social media.
Once the activities are done, the ransomware asks victims to post on social media “how you transformed yourself into a kind human being by becoming a victim of a ransomware called GoodWill.” The ransom operators verify the media files shared by the victims and their social media posts. The intruders then share the complete decryption kit that will include the main decryption tool, password file, and a video tutorial to recover all important files, said the report.
“Our researchers were able to trace the email address, provided by the ransomware group, back to an India-based IT security solutions & services company, that provides end-to-end managed security services,” the report said.
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.