Sunday, May 29, 2022

“GoodWill Ransomware” demands food for the poor to decrypt locked files


GoodWill ransomware attackers share a three-page ransom note asking the victim to perform three tasks to get the decryption key: they want them to donate to the homeless, feed poor kids, and provide financial assistance to a patient in need.

CloudSEK Threat Intelligence Research team has warned about new ransomware dubbed GoodWill Ransomware that can cause temporary to permanent data loss and may also shut down operations, leading to huge revenue losses.

The digital risk monitoring service also reported that they traced the email IDs of the GoodWill Ransomware operators to an Indian IT security solutions/services provider offering end-to-end managed security services.

It’s worth noting that this campaign was detected in New Delhi, India, in March 2022. According to CloudSEK’s analysis of the GoodWill Ransomware campaign, “the operators are allegedly interested in promoting social justice rather than conventional financial reasons.”

Ransom note of GoodWill ransomware gang (Image: CloudSEK)

GoodWill Ransomware details

The GoodWill Ransomware is written in .NET and is packed with UPX packers. The malicious software sleeps for 722.45 seconds to interfere with dynamic analysis and leverages the AES_Encrypt function and the AES algorithm for encrypting files.

One of its strings, titled GetCurrentCityAsync, can detect the infected system’s geolocation. GoodWill ransomware can encrypt every single file on a system, including databases, photos, and videos, and the victim can’t access the data unless they get the decryption key.
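A static header check for the two traits named above (UPX packing and a .NET build), as an added example that is not from CloudSEK's report or the original article. The names `triage_pe` and `build_sample_pe` and the sample images are constructed for illustration; the check assumes stock UPX section names and treats the CLR data directory as the .NET hint, reporting the two independently.

```python
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}  # defaults written by stock UPX
CLR_DIR_INDEX = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR: present in .NET assemblies

def triage_pe(data: bytes) -> dict:
    """Parse PE headers only (nothing is executed) and report packing/.NET hints."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("missing MZ header")
        pe_off = struct.unpack_from("<I", data, 0x3C)[0]
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        _, n_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
        opt_off = pe_off + 24  # 4-byte signature + 20-byte COFF file header
        magic = struct.unpack_from("<H", data, opt_off)[0]
        if magic not in (0x10B, 0x20B):
            raise ValueError("unknown optional header magic")
        dirs_off = opt_off + (96 if magic == 0x10B else 112)  # PE32 vs PE32+
        n_dirs = struct.unpack_from("<I", data, dirs_off - 4)[0]
        clr_rva = clr_size = 0
        if n_dirs > CLR_DIR_INDEX:
            clr_rva, clr_size = struct.unpack_from("<II", data, dirs_off + 8 * CLR_DIR_INDEX)
        sec_off = opt_off + opt_size  # section table follows the optional header
        names = [struct.unpack_from("<8s", data, sec_off + 40 * i)[0].rstrip(b"\0")
                 for i in range(n_sections)]
    except struct.error as exc:
        raise ValueError(f"truncated PE headers: {exc}") from exc
    return {
        "sections": [n.decode("latin-1") for n in names],
        "upx_section_names": any(n in UPX_SECTION_NAMES for n in names),
        "clr_header": bool(clr_rva and clr_size),
    }

def build_sample_pe(section_names, clr=False) -> bytes:
    """Constructed header-only PE32 image for demonstration; not a real sample."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)       # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                      # NumberOfRvaAndSizes
    if clr:
        struct.pack_into("<II", opt, 96 + 8 * CLR_DIR_INDEX, 0x2008, 72)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + bytes(opt) + sections

if __name__ == "__main__":
    print(triage_pe(build_sample_pe([b"UPX0", b"UPX1", b".rsrc"])))
    print(triage_pe(build_sample_pe([b".text", b".rsrc", b".reloc"], clr=True)))
```

Section names can be renamed by a packer, so a negative result does not rule out packing; treat the output as a triage hint before further analysis in an isolated environment.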

Unique Demands of GoodWill Ransomware

According to CloudSEK’s blog post, attackers share a three-page ransom note asking the victim to perform three tasks to get the decryption key: they want them to donate to the homeless, feed poor kids, and provide financial assistance to a patient in need.

In this ransomware-with-a-cause campaign, attackers demand people donate clothes to the homeless. Interestingly, the attackers ask people to provide food from high-end franchises like KFC, Dominos, or Pizza Hut to at least five less fortunate children. They demand victims post photos and videos of their charity activities on social media.

Moreover, the victims must provide financial assistance to someone in need of urgent medical care who can’t afford it at any nearby hospital, record their audio and send it to the GoodWill Ransomware operators.

Once the victim completes these tasks, the attacker demands that they share a message on Instagram or Facebook to show their transformation into a humane person. After verification, the attacker sends the victim a decryption kit for file recovery.

GoodWill ransomware group propagates very unusual demands in exchange for the decryption key. The Robin Hood-like group is forcing its victims to donate to the poor and provide financial assistance to the patients in need.

CloudSEK

More Hackers and Donation News

  1. Hacker Steals and Donates €10K in Bitcoin to Kurdish Group
  2. Ransomware group donates $20,000 in Bitcoin to 2 charities
  3. Attacker Steals $182M from Stablecoin Protocol, Donates $250k for Ukraine