A brand new ransomware has been detected in India that makes victims donate new garments to homeless, feed children in branded pizza retailers and supply monetary assist to anybody who wants pressing medical consideration however can not afford it, in line with digital danger monitoring agency Cloudsek.
The firm warned that the Goodwill ransomware may additionally end in non permanent, and presumably everlasting, lack of firm information and a potential shutdown of the corporate’s operations and accompanied income loss.
“GoodWill ransomware was identified by CloudSEK researchers in March 2022. As the threat group’s name suggests, the operators are allegedly interested in promoting social justice rather than conventional financial reasons,” Clousek mentioned in a report.
Once contaminated, the GoodWill ransomware worm encrypts paperwork, pictures, movies, database, and different vital recordsdata and renders them inaccessible with out the decryption key.
“The actors suggest that victims perform three socially driven activities in exchange for the decryption key- donate new clothes to the homeless, record the action, and post it on social media, take five less fortunate children to Dominos Pizza Hut or KFC for a treat, take pictures and videos, and post them on social media and provide financial assistance to anyone who needs urgent medical attention but cannot afford it, at a nearby hospital, record audio, and share it with the operators,” the report mentioned.
Once all three actions are accomplished, the ransomware asks victims to write down a word on social media (Facebook or Instagram) on “how you transformed yourself into a kind human being by becoming a victim of a ransomware called GoodWill.” Upon finishing all three actions, the ransomware operators confirm the media recordsdata shared by the sufferer and their posts on social media.
The actor will then share the entire decryption equipment which incorporates the principle decryption software, password file and a video tutorial on the right way to get well all vital recordsdata, the report mentioned.
“Our researchers were able to trace the email address, provided by the ransomware group, back to an India-based IT security solutions & services company, that provides end-to-end managed security services,” the report mentioned.
Source: www.financialexpress.com”