New ransomware demands victims to donate to poor
GoodWill attackers appear to be motivated by social justice rather than monetary gain
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Security researchers have uncovered a new form of ransomware that demands victims to donate clothes and food to those in need in order to recover their data.
The GoodWill ransomware was first identified by cyber security firm CloudSEK in March 2022, with attackers appearing to be motivated by social justice rather than monetary gain.
Businesses and individuals targeted with the ransomware are ordered to carry out various acts of kindness and post about it on social media. Anyone not complying risks losing access to their data.
Ransomware attacks typically involve sending an email or online message to a target, with the hope that they will click on a link containing malicious software that will automatically download and encrypt the victim’s computer or entire IT network.
In order to regain access, victims are usually asked to pay a fee payable in bitcoin or another semi-anonymous cryptocurrency.
A CloudSEK report detailed how GoodWill attackers used an entirely different ransom method for victims to receive the decryption kit.
“As the threat group’s name suggests, the operators are allegedly interested in promoting social justice rather than conventional financial reasons,” the report stated.
“The actors suggest that victims perform three socially driven activities in exchange for the decryption key: Donate new clothes to the homeless, record the action, and post it on social media; Take five less fortunate children to Dominos, Pizza Hut or KFC for a treat, take pictures and videos, and post them on social media; And provide financial assistance to anyone who needs urgent medical attention but cannot afford it, at a nearby hospital, record audio, and share it with the operators.”
The researchers claim to have traced the ransomware group back to “an India-based IT security solutions & services company”, which provides “end-to-end managed security services”.
The Independent has reached out to CloudSEK for further comment and information about whether any victims have yet complied with the hackers’ demands.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments