Date: 2022-06-01

Cyber attacks have escalated in number regardless of how advanced our cyber security has become. A new kind of cyber attack has come to the fore under the name “GoodWill” ransomware. This ransomware makes the victim perform three charitable activities to receive the decryption key.

GoodWill is a type of ransomware in which the hacker gains control of the victim’s system and the victim is locked out of it. Victims can regain access only with a decryption key, which the hacker provides if his demands are fulfilled.

In the GoodWill ransomware, the hacker asks the victim to perform three specific charitable activities in order to get the decryption code. Victims are asked to donate to the poor and help the needy.

The first activity is to donate new clothes to the homeless.

The second activity is to take five less fortunate children to a restaurant for a treat.

The third and last activity is to provide financial assistance to any family who are in dire need of medical attention but cannot afford it.

The hackers have also set conditions that victims must fulfil to qualify for the decryption code. They are required to upload a photo frame with the caption provided by the hackers.

Once these activities and conditions are completed, the hackers ask victims to upload a message/note on social media on “How you transformed yourself into a kind human being by becoming a victim of ransomware called GoodWill”.

These attacks were first identified in March by CloudSEK. The malware encrypts documents, photos, videos, databases and other important files and makes them inaccessible without the decryption key. To date, no victim of the ransomware is known.

These attacks have been traced back to an India-based IT company. The trace was made via the email address provided by the ransomware.

A catchy line was found in the code, “error hai bhaiya”, which means “there is an error, brother”, according to CloudSEK. This line proved that the ransomware comes from operators in India. The company was also able to trace two IP addresses in the ransomware to Mumbai, India.

Although this ransomware is doing charity and helping the poor, it is being done in an unethical way.

