The new ransomware makes the victim donate poor financial aid to patients in need

New Delhi: A new ransomware It was found in India that victims donate new clothes to the homeless, feed children with the brand pizzerias and provide financial help to anyone who needs urgent medical attention but can’t afford it, according to the digital risk monitoring company cloud sec. The company warned that the Goodwill ransomware it could also result in a temporary, and possibly permanent, loss of corporate data and a possible shutdown of the company’s operations and consequent loss of revenue.

“GoodWill ransomware has been identified by CloudSEK researchers in March 2022. As the name of the threat group suggests, practitioners would be interested in promoting social justice rather than conventional financial reasons, “Clousek said in a report.

Once infected, the GoodWill ransomware worm encrypts documents, photos, videos, databases and other important files and makes them inaccessible without the decryption key.

“The actors suggest that the victims carry out three socially guided activities in exchange for the decryption key: donate new clothes to the homeless, record the action and post it on social media, bring five less fortunate children to Dominos Pizza Hut or KFC for a surprise,” take photos and videos, post them on social media, and provide financial assistance to anyone in need of urgent medical attention but can’t afford it, at a nearby hospital, record the audio and share it with operators, ”the report said.

Once all three activities are complete, the ransomware asks victims to write a note on social media (Facebook or Instagram) about “how you turned into a kind human being by becoming a victim of a ransomware called GoodWill”.

After completing all three tasks, the ransomware operators verify the media files shared by the victim and their social media posts.

Discover the stories of your interest

The actor will then share the full decryption kit which includes the master decryption tool, password file, and a video tutorial on how to recover all important files, the report states.

“Our researchers were able to trace the email address, provided by the ransomware group, to an India-based IT security services and solutions company that provides end-to-end managed security services,” the report states.

Stay on top technology Other startup news what matters. subscribe to our daily newsletter for the latest and greatest tech news, delivered straight to your inbox.