A new ransomware has been discovered in India, which tricks victims into donating new clothes to the homeless, feeding children in branded pizza shops and providing financial aid to anyone in need of urgent medical attention but cannot afford it, so the digital risk monitoring company Cloudsek. The company warned that the Goodwill ransomware could also result in a temporary and potentially permanent loss of company data and a possible shutdown of the company’s operations and consequent loss of revenue.
“GoodWill ransomware was identified by CloudSEK researchers in March 2022. As the threat group’s name suggests, operators are reportedly more interested in promoting social justice than traditional financial reasons,” Clousek said in a report.
Once infected, the GoodWill ransomware worm encrypts documents, photos, videos, databases and other important files and makes them inaccessible without the decryption key.
“The actors propose that in exchange for the decryption key, the victims do three socially motivated activities – donating new clothes to the homeless, recording the action and posting it on social media, taking five less fortunate children to Domino’s Pizza Hut or KFC for themselves.” give a treat , take photos and videos and post them on social media and provide financial support to anyone who needs urgent medical attention but cannot afford it at a nearby hospital, record audio and share it with the operators,” says the report.
Once all three activities are completed, the ransomware prompts victims to write a note on social media (Facebook or Instagram) about “how you turned into a kind person by becoming a victim of ransomware called GoodWill”. After completing all three activities, the ransomware operators check the media files shared by the victim and their social media posts.
The actor will then share the complete decryption kit, which includes the main decryption tool, the password file and a video tutorial on how to recover all important files, the report said.
“Our researchers were able to trace the email address provided by the ransomware group to an India-based IT security solutions and services company that provides end-to-end managed security services,” the report reads.
https://gadgets360.com/internet/news/ransomware-goodwill-detected-cloudsek-digital-risk-monitoring-india-3000236 GoodWill Ransomware Discovered in India, Tricks Victims into Donating to Fake Cause: Cloudsek