Ransomware Hackers Force Victims to Donate to Charity

CloudSEK reported that a ransomware group has been forcing victims to donate to charity and assist medical patients. 

“Goodwill ransomware group propagates very unusual demands in exchange for the decryption key. The Robin Hood-like group is forcing its Victims to donate to the poor and provides financial assistance to the patients in need,” said CloudSEK. 

According to CloudSEK, certain attributes tied to the group's IP address indicate that the Goodwill hackers are from India.

The Goodwill ransomware is written in .NET and packed with the UPX packer. It sleeps for 722.45 seconds to interfere with dynamic analysis, then uses its AES_Encrypt function to encrypt the victim’s files with the AES algorithm.

After the files have been encrypted, the Goodwill hackers send a note asking the victims to donate new clothes to the homeless, record the action, and post it on social media; take five less fortunate children to Domino's, Pizza Hut, or KFC for a treat, take pictures and videos, and post them on social media; and provide financial assistance at a nearby hospital to anyone who needs urgent medical attention but cannot afford it, record audio, and share it with the operators.

Once the victims have accomplished the tasks, they are also forced to post on social media how they have transformed “into a kind human being by becoming a victim of a ransomware called GoodWill.”

There have been no named victims of the GoodWill ransomware so far.

© Fourth Estate® — All Rights Reserved.