GoodWill Ransomware: Group of Hackers Trying to Imitate Robin Hood

There’s a new ransomware variant going around, with a very different twist from traditional ransomware. Meet “Good Will,” where hackers ask their victims to perform three good deeds. However, unlike in the movie, they are forcing the victims to do so. The new ransomware is known as GoodWill; more on it below.

What is Ransomware?

Let’s start from the basics. Ransomware is malware designed to deny users access to their computer files. The hackers encrypt files and demand a ransom payment in exchange for the decryption key. Organizations are forced to pay because it is the easiest and cheapest way out.

Ransomware attacks have skyrocketed in recent years. Some of the most prevalent ransomware variants are Ryuk, Maze, REvil (Sodinokibi), DearCry, and Conti. The Covid-19 pandemic resulted in a surge in ransomware attacks. In addition, the hackers ask for cryptocurrency as ransom, which makes the attacks profitable.

How does Ransomware work?

Although each ransomware variant has varied implementation techniques, the three core steps remain the same. 

  • Step 1. Infection vectors: Ransomware operators prefer a few specific infection vectors, like phishing emails and Remote Desktop Protocol (RDP). They may also try to infect systems directly, as WannaCry did. In addition, most ransomware variants have multiple infection vectors.
  • Step 2. Data Encryption: The ransomware starts encrypting the files and replacing the originals with the encrypted versions. It may also delete backups and shadow copies to make recovery difficult without the decryption key.
  • Step 3. Demanding Ransom: The ransomware asks for a ransom once all the targeted files are encrypted. It usually leaves a note requesting a set amount of cryptocurrency in exchange for a decryption kit.

GoodWill Ransomware

GoodWill ransomware is a new ransomware variant detected by an India-based cybersecurity firm, CloudSEK. The firm reported the following about the ransomware:

  • Written in .NET and packed with the UPX packer.
  • Sleeps for 722.45 seconds to interfere with dynamic analysis.
  • Uses the AES encryption algorithm.
  • One string, “GetCurrentCityAsync,” indicates that it detects the geolocation of the victim’s device.
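
An added example, not from CloudSEK or the original article: a static triage check in Python that tests a file for three of the traits listed above (a .NET CLR header, UPX section names, and the “GetCurrentCityAsync” string). The function names and the constructed PE-shaped test blob are assumptions made for illustration.

```python
import struct

UPX_SECTIONS = {b"UPX0", b"UPX1", b"UPX2"}   # section names left by stock UPX
MARKER = "GetCurrentCityAsync"               # string named in the article

def triage(data: bytes) -> dict:
    """Static checks only; the file is parsed, never executed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file")
    try:
        pe = struct.unpack_from("<I", data, 0x3C)[0]
        if data[pe:pe + 4] != b"PE\0\0":
            raise ValueError("bad PE signature")
        nsec, = struct.unpack_from("<H", data, pe + 6)
        opt_size, = struct.unpack_from("<H", data, pe + 20)
        opt = pe + 24
        magic, = struct.unpack_from("<H", data, opt)
        dirs = opt + (96 if magic == 0x10B else 112)   # PE32 vs PE32+
        ndirs, = struct.unpack_from("<I", data, dirs - 4)
        # Data directory 14 is the CLR runtime header: non-zero means .NET.
        dotnet = ndirs > 14 and struct.unpack_from("<I", data, dirs + 14 * 8)[0] != 0
    except struct.error as exc:
        raise ValueError("truncated PE header") from exc
    sec = opt + opt_size
    names = {data[sec + 40 * i: sec + 40 * i + 8].rstrip(b"\0") for i in range(nsec)}
    # A packed file may hide the string until unpacked, so False is not a clean bill.
    marker = MARKER.encode() in data or MARKER.encode("utf-16-le") in data
    return {"dotnet": dotnet, "upx": bool(names & UPX_SECTIONS), "marker": marker}

def build_sample(upx=True, clr=True, marker=True) -> bytes:
    """Constructed, non-functional PE-shaped blob for the demo (not a real sample)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)        # PE32 magic
    struct.pack_into("<I", opt, 92, 16)          # NumberOfRvaAndSizes
    if clr:
        struct.pack_into("<II", opt, 96 + 14 * 8, 0x2000, 72)
    names = [b"UPX0", b"UPX1"] if upx else [b".text", b".rsrc"]
    secs = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in names)
    return dos + coff + bytes(opt) + secs + (MARKER.encode() if marker else b"")

if __name__ == "__main__":
    print(triage(build_sample()))
```

A file that matches on all three traits deserves a closer look, but none of them is unique to GoodWill: UPX and .NET are both common in legitimate software.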

The GoodWill ransomware works just like other ransomware with one twist. The hackers don’t ask for a hefty amount of cryptocurrency in exchange for a decryption kit. Instead, they demand the victims perform three prescribed good deeds and share them on social media.

The three good acts are:

  1. The first demand is to donate new clothes and blankets to the homeless.
  2. The second demand is to take any five poor children (under the age of 13) to Domino’s, Pizza Hut, or KFC. After that, they can order whatever they want.
  3. The third demand is to visit a hospital and help someone who needs urgent medical assistance but cannot pay for it.

After performing each act, the victim has to share happy photos of the people he helped on his social media. In addition, he has to share a note on how GoodWill ransomware made him a better person.    

How to Secure Yourself

Though there are no known victims of GoodWill ransomware attacks so far, securing yourself against the attack remains a priority. Use the same tips provided to protect an organization against other ransomware. These include making secure offsite backups, running up-to-date security solutions, using hard-to-crack passwords, encrypting sensitive data whenever possible, etc.

Although the hackers aren’t attacking the computer systems for profit, it is still wrong. They cannot force anyone to perform specific tasks in exchange for access to their files. So whether they are a big Salman Khan fan or have watched Disney’s Robin Hood too many times, implanting ransomware for any reason is a punishable offense. 
