"GoodWill Ransomware Demands People Help the Most Vulnerable"

Security researchers at CloudSEK have discovered a "ransomware with a cause."   The researchers warned that GoodWill ransomware could lead to both temporary and permanent loss of company data.  In addition, the ransomware could lead to a complete shutdown of operations and revenue loss.  The researchers were able to trace the email address provided by the ransomware group back to an India-based IT security solutions and services company that provides end-to-end managed security services.  GoodWill ransomware was identified by CloudSEK researchers in March 2022.   The ransomware operators are allegedly interested in promoting social justice rather than conventional financial reasons.  The researchers stated that if the GoodWill ransomware affects a system, every single document, photo, video, database, and file becomes encrypted, after which users can no longer access the data without a decryption key.  The actors then suggest that victims perform three socially driven activities in exchange for the decryption key: donate new clothes to the homeless, record the action and post it on social media; take five less fortunate children to Dominos, Pizza Hut, or KFC for a treat, take pictures and videos and post them on social media; and provide financial assistance to anyone who needs urgent medical attention but cannot afford it, at a nearby hospital, record audio, and share it with the operators.  The researchers noted that should the target carry out these three tasks, the ransomware asks them to share a message on Facebook or Instagram, demonstrating "how you transformed yourself into a kind human being by becoming a victim of a ransomware called GoodWill." Once verified, the person orchestrating this invasive event will reportedly provide those affected with a decryption kit to recover the stolen data.
 

Infosecurity reports: "GoodWill Ransomware Demands People Help the Most Vulnerable"