Goodwill Ransomware Demands to Donate to the Poor

The evaluate group from CloudSEK’s Risk Intelligence has lately disclosed GoodWill ransomware that forces victims to donate to the unhappy and presents monetary aid to sufferers in want.

According to the CloudSEK’s researchers, “Goodwill ransomware crew propagates very weird and wonderful requires in alternate for the decryption key. The Robin Hood-like crew is forcing its Victims to donate to the unhappy and presents monetary aid to the sufferers in want”.

GoodWill ransomware turn out to be identified by the India-basically based cybersecurity agency in March 2022. “As the chance crew’s name suggests, the operators are allegedly drawn to promoting social justice in preference to archaic monetary causes”.

Characteristics of GoodWill Ransomware

This ransomware is written in .NET and packed with UPX packers. It sleeps for 722.forty five seconds to intervene with dynamic analysis. The ransomware leverages the AES_Encrypt feature to encrypt, the employ of the AES algorithm. One among the strings is “GetCurrentCityAsync,” which tries to detect the geolocation of the contaminated scheme.

Activities In Substitute For the Decryption Key

It’s miles barely like Robinhood, as ransomware does no longer query of cash in cryptocurrencies, as a substitute, it presents the victims four activities to build to receive the decryption key. The ransomware worm encrypts paperwork, photos, videos, databases, and varied vital recordsdata and renders them inaccessible with out the decryption key.

Project 1: Donate unique garments to the homeless, anecdote the circulation, and put up it on social media

Project 2: Lift 5 less lucky childhood to Dominos, Pizza Hut or KFC for a treat, rob photos and videos, and put up them on social media.

Project 3: Present monetary aid to any person that desires urgent scientific consideration nonetheless can’t come up with the cash for it, at a terminate-by properly being facility, anecdote audio, and share it with the operators.

After ending your entire duties given, the victims must put up on their social media accounts – “The kind you remodeled yourself into a spread human being by becoming a sufferer of a ransomware called GoodWill.”

The actors advise the victims to anecdote video proof of your entire activities and put up it on social media, and these posts will seemingly be verified by them. Then the chance actors will then share your entire decryption equipment which contains the vital decryption instrument, password file, and a video tutorial on the manner to fetch better all vital recordsdata.

After the analysis, the researchers had been in a neighborhood to name some 1246 strings of this ransomware, out of which 91 strings overlap with the ‘HiddenTear ransomware’, the first ransomware to luxuriate in been birth-sourced as a proof-of-notion (PoC) wait on in 2015 by a Turkish programmer. Also, an analysis of the email address and network artifacts suggests that the operators are from India and that they insist Hindi.

That you just may well follow us on Linkedin, Twitter, Facebook for each day Cybersecurity and hacking files updates.