Security researchers have discovered an unusual new ransomware strain. While ransomware usually demands a ransom payment from its victims, this one asks its victims to donate clothes and food to those in need.
The GoodWill ransomware was first identified by cybersecurity firm CloudSEK. Although the way it works is slightly different, this ransomware can still hold its victims' data hostage.
Once a device is infected, the ransomware instantly encrypts documents, photos, videos, databases, and other important files, which can then only be accessed using a decryption key.
CloudSEK warns that the GoodWill ransomware could also cause companies to temporarily or permanently lose data, cripple company operations, and cause material losses.
Up to this point, GoodWill works much like most ransomware. But as its ransom, the operators ask the victim to do three good deeds, namely:
- Donate new clothes for the homeless
- Take less fortunate children to Domino's, Pizza Hut, or KFC
- Provide financial assistance to anyone who needs emergency treatment at the nearest hospital but cannot afford it
"The GoodWill ransomware was identified by CloudSEK researchers in March 2022. As the name of this group suggests, its operators are allegedly only interested in promoting social justice rather than conventional financial reasons," CloudSEK said in its report, as quoted by Business Insider India, Saturday (28/5/2022).
"Our researchers were able to trace email addresses, provided by the ransomware group, to an India-based IT security solutions and services company, which provides end-to-end security services."
While carrying out these three requests, the victim is asked to take photos and record videos to be uploaded to social media. After the three requests are completed, victims are asked to write messages on social media about how they became better human beings after falling victim to the GoodWill ransomware.
After completing all requests, the ransomware operator will verify the media the victim sent and their posts on social media.
The operator will then share a decryption kit containing a decryption tool, a password file, and a video tutorial showing how to restore all important files.