New Ransomware Demands 3 Good Deeds to Unlock Your Data

Jamie Kavanagh
June 3rd, 2022

A bizarre (but kinda cool) new ransomware has been identified out in the wild. Rather than locking everything down and demanding cash, this ransomware demands victims perform three good deeds before they get their systems back.

It’s a play on the Good Samaritan and, while still criminal, it’s hard to dislike something that is trying to do good. It’s just a shame the method is so questionable.

The malware is written in .NET and targets Windows. There is currently no information on how machines become infected.

Good Samaritan malware

The malware is apparently from the GoodWill ransomware group. It was identified by CloudSEK and has a unique take on malware.

This malware encrypts data and locks down systems like most ransomware does, but rather than paying in crypto to unlock them, victims need to perform 3 good deeds and publicize them on social media as proof.

The malware leaves a note on the infected device with instructions.

The first good deed is to provide fresh clothes or blankets to "needy people on the side of the road."

The second good deed is to “take five poor kids from the neighborhood to Dominos, Pizza Hut, or KFC.”

The third deed is to “visit a nearby hospital, find people who can't pay for their treatment, and provide the needed financial assistance.”

The victim must then publicize the deed on social media and, presumably, the group will send an unlock key.

There are specific instructions on how to publicize these good deeds: victims must include video and image evidence and post it on specific social networks.

Once complete, the victim must then "write a beautiful article" on social media about "how you transformed yourself into a kind human being by becoming a victim of a ransomware called GoodWill."

Source of GoodWill

CloudSEK says they have tracked the IP addresses used by the malware to India.

Some of the code also contains comments written in Hindi, which lends credence to the idea that the group may be based there or used local coders.

That doesn’t mean that’s where the group is from, just where they base some of their services.

As we said at the top, we are conflicted about this malware.

On one hand, ‘encouraging’ acts of kindness while asking nothing for themselves is a nice move.

However, doing it through malware and essentially blackmailing people into performing these deeds will not deliver the positive outcome the group probably hopes for.

Sure, some needy people may get a little help, but in return, the group makes the victim feel blackmailed into it. That’s going to leave quite the bitter taste.

© 2023 Redact - All rights reserved