A New form of Ransomware doesn’t want your Money, it wants a Good Deed
Whether good or bad, one aspect of cybersecurity is that you can always count on an evolving landscape where there is always something new. That is exactly the case with a new type of ransomware that was discovered by security firm CloudSEK called “GoodWill”.
GoodWill ransomware might seem like an April Fool’s joke – but in reality – it just wants you to do something good for the world.
GoodWill is not interested in extorting money from its victims. While it still encrypts files like normal and locks them for ransom, a cash settlement isn’t the way to get your files back. GoodWill wants you to do something good for the world, and then provide video proof that you actually did it.
In a post created by the originators of the ransomware, they explain:
“Our Aim
The word “GoodWill” means to show kindness
Story:-
Team GoodWill is not hungry of Money and Wealth but kindness. We want to make every person on the planet to be kind and wants to give them a hard lesson to always help poor and needy people.
So, all our victims need to be gentle and kind to get their files back. We know that you are very excited for the play.
Take Deep breath and look all around from those who needs help?
You! No way, the only way to help yourself is to help others
hope you understand”
GoodWill ransomware tells you to perform three acts of goodwill.
The first request is for you to donate new clothes and blankets to the homeless. Ransomware victims are told to make a video of them giving assistance to the homeless, and to post it to either their Facebook, Instagram and WhatsApp to encourage others to help those in need.
The second request is accompany five poor children (under the age of 13) to Dominos, Pizza Hut or KFC and allow them to order any food that they wish.
“Take some selfies of them with full of smiles and happy faces, Make a beautiful video story on this whole even and again post it on your Facebook and Instagram Stories with photo frame and caption provided by us. Take a screen shot of your posts, snap of restaurant’s bill and send email to us with valid post link, later our team will verify the whole case and promotes you for the next activity. Help those less fortunate than you, for it is real human existence.”
The final requests is to provide financial assistance to those who need urgent medical assistance, but cannot afford to pay for it themselves.
“Visit the nearest hospital in your area and observe the crowd around you inside the hospital premises. You will see that there will be some people who need certain amount of money urgently for their medical treatment, but they are unable to arrange due to any reason. You have to go near them and talk to them that they have been supported by you and they do not need to worry now, Finally Provide them maximum part of required amount. Again, Take some Selfies of them with full of smiles and happy faces, Record Audio while who conversation between you and them and send it to us.”
The attackers say that if you provide convincing evidence that you have fulfilled all three obligations, they will provide a decryption tool for the recovery of your files.
So will any victims actually go along with the scheme? If you find any posts on social media using the provided “photo frame”, I guess we’ll find out.
This is a very different version of ransomware, and one that should still be take just as seriously as any other. Prevention of any ransomware should still be top of mind. Some tips to protect you and your organization from a ransomware attack include:
Making secure offsite backups
Running up-to-date security solutions and ensuring your computers are protected with the latest security patches against vulnerabilities
Using hard-to-crack unique passwords to protect sensitive data and accounts, as well as enabling multi-factor authentication
Encrypting sensitive data wherever possible
Educating and informing staff about the risks and methods used by cybercriminals to launch attacks and steal data
Story via Tripwire
