Experts introduced GoodWill, a RobinHood-like ransomware group

June 1, 2022

A new ransomware group called GoodWill has recently been discovered. It encrypts company data but demands charity work in exchange for the decryption key.

Based on reports, the vigilante extortion group requires its targets to donate clothing to the homeless, provide orphans with food such as pizzas, and offer monetary assistance to those who are sick and need immediate medical attention.

The recent report comes from a cybersecurity research group that monitors risk across India. According to them, the ransomware could result in temporary or permanent loss of a company's encrypted data. Furthermore, it could also lead to an overall shutdown of a targeted company's operations and to financial loss.

In addition, the researchers were able to uncover the email address used by the GoodWill ransomware group. The email address was based at an Indian IT security solutions and services company that provides end-to-end managed security services.

The compassionate ransomware group was uncovered by the researchers back in March. As the threat group’s name implies, its operators are interested in promoting social justice instead of gaining monetary profit.

The GoodWill group encrypts every piece of data, which is then retrievable only through charitable deeds.

If GoodWill ransomware infects a target, it encrypts every photo, document, video, file, and database. After encryption, the affected user will no longer have access to the data without a decryption key.

The threat actors will then suggest that victims perform socially driven activities in exchange for the decryption keys. The GoodWill operators demanded that their targets donate new clothes to poor and homeless people, take an x number of children to a fast-food chain and treat them to whatever food they want, provide financial assistance to anyone who is stuck in a dire situation, and provide medical attention to those who are ill and cannot afford any medication.

The affected entity should document these deeds by taking pictures and video recordings and publishing them on social media platforms. Moreover, the company should submit these details to the GoodWill operators to receive their decryption keys.

Lastly, the ransomware operators will ask the company to write a message on Instagram or Facebook showing that it helped these less fortunate people because the GoodWill ransomware group attacked it.
