GoodWill Ransomware Requires Victims to Do Good Deeds

We’ve heard of white hat hackers who are on the good side of the issue: ethical hacking that identifies vulnerabilities to help others not be victims. But the GoodWill ransomware is a different type of ethical – it requires its victims to do good deeds to get their data back.

Identifying GoodWill Ransomware

Threat analysis company CloudSEK identified the GoodWill ransomware this March. Victims don’t need to worry about losing money to these hackers, though. Instead of demanding a cash ransom, hackers require victims of good deeds if they ever want to see their data again.

You may be wondering how the hackers will know the good deeds have been carried out. Victims are required to record them in pictures, audio, and / or video, then post the proof to social media.

The hackers are obviously not native English speakers. They tell victims that the first good deed “does not cost you high but matters for humanity.”

After the victims complete the good deeds and post them on social media, they are given instructions to download a decryption key. This will allow them to get their documents, photos, videos, databases, and other files back.

CloudSEK was able to determine a few things about the GoodWill hackers. They identified two IP addresses in subdomains as being located in Mumbai, India. The email address can be tracked back to an IT security solutions and services company based in India.

GoodWill’s Good Deeds

The good deeds that are required by the GoodWill ransomware are very specific. The first deed discusses the thousands who die sleeping outside in the cold without proper clothing. The task requires victims to “provide new clothes / blankets to needed people of road side” and to record it on video. After this is completed, the hackers will “promote you for the next activity.”

The second good deed requires victims to take five neighborhood children to Dominos, Pizza Hut, or KFC and order them food. “Treat those kids as your younger brothers.” The next part of the task is to take selfies and post them as a video story. A photo of the restaurant receipt is required as well. “Help those less fortunate than you, for it is real human existence.”

With the explanation that many people “have suffered the pain of losing their loved ones due to lack of money,” victims are required to visit a local hospital and pay for a medical treatment for someone who can’t afford it, then record the audio of telling them they are being supported and “don’t need to worry now.” Selfies are required of “them with full of smiles and happy faces.”

After all three acts are completed, the victims need to write an article and post it on Facebook and Instagram about their wonderful experience of being transformed into a kind human being. The decryption kit will be sent once the hackers receive the link. Victims are also given the above photo frame, presumably for a selfie they took during the process.

There are no known victims or targets of the GoodWill ransomware or of the good deeds done to get stolen data back. If you’re worried about becoming a victim, check out these ransomware decryption tools for Windows.

Image credit: Unsplash

Is this article useful?

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox

Leave a Comment