Ransomware GoodWill Detected in India
The GoodWill ransomware worm encrypts documents, images, movies, databases, and other crucial files, rendering them unusable without the decryption key.
A new ransomware has been discovered in India that requires victims to provide new clothes to the destitute, feed children at branded pizza restaurants, and provide financial assistance to anyone who requires immediate medical attention but cannot afford it.
The GoodWill ransomware, according to the organisation, could cause temporary and possibly permanent loss of company data, as well as a probable closure of operations and loss of income.
“CloudSEK researchers discovered the GoodWill malware in March 2022.
The operators of the threat organisation, as the name implies, are reportedly motivated by social justice rather than conventional financial gain,” a report stated.
Once a system has been infected, the GoodWill ransomware worm encrypts documents, images, movies, databases, and other vital assets and renders them inaccessible without the decryption key.
“In exchange for the decryption key, the actors suggest that victims perform three socially motivated activities: donate new clothes to the homeless, record the action, and post it on social media; take five less fortunate children to Domino’s, Pizza Hut or KFC for a treat, take pictures and videos, and post them on social media; and provide financial assistance to anyone who requires urgent medical attention but cannot afford it, at a nearby hospital, record audio, and share it with others.”
After completing all three acts, the ransomware requests that victims post a note on social media (Facebook or Instagram) explaining “how you turned yourself into a good human being by becoming a victim of a ransomware called GoodWill.”
Once the victims have completed all three tasks, the ransomware operators verify their media files and social media posts.
According to the article, the actor will then distribute the entire decryption kit, which includes the main decryption tool, a password file, and a video lesson on how to retrieve all crucial files.
The email address provided by the ransomware gang was traced back to an India-based IT security solutions & services company that provides end-to-end managed security services, according to the study.