GoodWill, the charitable ransomware that forces you to do three good deeds to get your data back

Who hasn’t had to deal with the dreaded ransomware? According to DarkTracer, a company dedicated to monitoring the activity of ransomware groups on the so-called dark web, from January 1, 2019 to November 9, 2021, a total of 53 ransomware gangs in just under two years affected almost 4,000 companies. No one is safe from their attacks, although of course not all ransomware is equally malicious, at least at first glance.

Usually, when ransomware gets into our computer, it asks us for money or cryptocurrencies to give us back control of our system… until now. A ransomware strain has been identified that is not like the others, or at least its objective is not. This is GoodWill, a ransomware that forces its victims to carry out three acts of charity in order to recover their data. Strange, right?

The cybersecurity company CloudSEK, which discovered it, claims that the ransomware originates from India, based on the identified IP addresses and the language used in part of its code. It also says that what the ransomware intends with these actions is to create a “more supportive” society, one that “helps the poor and needy”. So if you are affected by GoodWill you will need to perform three good deeds before regaining normal access to your data, but which ones?

What GoodWill forces you to do

We must first understand how this good samaritan among ransomware works. GoodWill uses a sleep timer to interfere with real-time scanning. After the device is infected, the victim must perform three selfless acts and, beware, also document them on social networks so that there is a record of them. This has never been seen before in ransomware attacks.

1st charity

The first good deed is to help people who have had a road accident: approach the scene of the accident and bring them clothes and blankets. As proof of the feat, the victim must film the moment in a video and post it later on Instagram, Facebook or WhatsApp, using a photo frame provided by these “charity” hackers. The victim must then take a screenshot of the story and send it via email.

2nd charity

If you have fallen into the hands of GoodWill, you still have two more charities left before you recover your data. The second is to invite five children under 13 to eat, but only at the restaurants the attackers specify, in this case Domino’s Pizza, Pizza Hut or Kentucky Fried Chicken, which, needless to say, have nothing to do with the aforementioned ransomware.

Once this copious lunch or dinner is over, the victim must take a smiling selfie with the children and share it on social networks. A copy of the receipt and the required screenshots must also be emailed.

3rd charity

GoodWill takes things a step further with the third task, which is somewhat more difficult: the victim must pay someone’s hospital bill. The instructions state that the victim should go to a hospital and start talking to people, record the conversation and tell the chosen person that they no longer need to worry. Finally, the victim must send the audio recording, although, for reasons that are not very clear, at this point it is not necessary to present proof of payment. And, of course, the victim must also publish it on social networks.

It is a whole series of challenges that seek to transform the victim into a good samaritan by means of malware. After these somewhat surreal exploits, the victim receives a decryption kit and, in principle, recovers their data. CloudSEK says that although GoodWill is not as dangerous as other malware, it is recommended, as always, to keep a backup copy of important documents and to test that the backups work in case an incident like this occurs.