Charity Or Cybercrime? Goodwill Ransomware Cracks Your Decryption If You Donate


Ransomware has been found in India that demands victims provide new clothes to the destitute, feed children at branded pizza restaurants, and provide financial assistance to anyone who needs urgent medical treatment but cannot afford it.

It has been reported that the Goodwill ransomware might cause temporary or permanent data loss, as well as possible closure of operations and income loss. “CloudSEK researchers discovered the GoodWill malware in March 2022. The operators of the threat organization, as the name implies, are reportedly motivated by social justice rather than traditional financial gain “In a report, Clousek stated.

The GoodWill ransomware worm encrypts records, images, movies, databases, and other vital assets and turns them inaccessible without the decryption key after it has been infected.

“In exchange for the decryption key, the actors suggest that victims perform three socially motivated activities: donate new clothes to the homeless, record the action, and post it on social media; take five less fortunate children to Domino’s Pizza Hut or KFC for a treat, take pictures and videos, and post them on social media; and provide financial assistance to anyone who requires immediate medical attention but could afford it, at a nearby hospital, record audio, and share it with others.”

After completing all three acts, the ransomware requests that victims post a letter on social networking sites (Facebook or Instagram) explaining “how you turned yourself into a good human being by just being a sufferer of a ransomware called GoodWill.” The ransomware attackers verify the victim’s media files and social media postings after they complete all three tasks. According to the article, the actor would then distribute the whole decryption kit, which includes the primary decryption tool, a password file, and a video lesson on how to retrieve all crucial files.