The New Goodwill Ransomware Requires Victims to Do Three Good Deeds


In the environment of cyber-ransomware, it seems, there is a “Robin Hood”. According to CloudSEK specialists, the new extortionate software attacks victims and instead of ransom demands to make a donation to charity.

Yes, that’s right. The Goodwill Ransomware extortion program requires its victims to transfer money to organizations that help the poor. Currently, Goodwill Ransomware attacks victims only in India, Pakistan and some regions of Africa.

CloudSEK Researchers discovered a new cyber-extortion group in March 2022. It seems that she is not interested in financial gain, and the main goal is to restore social justice.

In order to get the key to recover encrypted files, the victim must complete three tasks. The first task is to transfer money to those in need in hospitals who need urgent treatment. The victim must transfer funds, record the entire process of transferring money and further treatment of the patient and forward these video and audio files to extortionists.

The second task is to give the poor new clothes. As in the first case, the fact of the transfer must be recorded, and the materials sent to hackers by e-mail.

The third task is the most interesting. The victim must take hungry children to the Dominos Pizza Hut or KFC pizzeria and pay for their order. Everything should be recorded and sent to hackers.

Instagram Facebook or Instagram) about how “having become a victim of the Goodwill extortion software, she became a kind person.”

After checking the publications and the evidence sent by the victim of the completion of all three tasks, the extortionists send her a key to recover files, a password and a video instruction on decryption.

Since April 2022, Indian law enforcement agencies have been interested in the new group. According to their version, Goodwill is a minor group of hackers from the DPRK.

Start a discussion …