Ransomware encrypts files, demands three good deeds to restore data
2022-05-26 23:20

In what is either a creepy, weird spin on Robin Hood or something from a Black Mirror episode, we're told a ransomware gang is encrypting data and then forcing each victim to perform three good deeds before they can download a decryption tool.

The so-called GoodWill ransomware group, first identified by CloudSEK's threat intel team, doesn't appear to be motivated by money.

After it has infected the victim's PC - it's not said how that happens, but we imagine via email or a fake app installer - the GoodWill ransomware scrambles documents, photos, videos, databases, and other files.

According to the CloudSEK analysis, the do-gooder gangsters first task a victim with providing fresh clothes or blankets to "Needy people on the side of the road," video the deed, and then post the footage to Facebook, Instagram, and WhatsApp stories using a photo frame that the ransomware group provides to the victim.

After completing all three tasks, the victims must also "Write a beautiful article" on social media about "How you transformed yourself into a kind human being by becoming a victim of a ransomware called GoodWill." Once this is all done and verified by the miscreants, you get your decryption tool, allegedly.

In addition to attributing the ransomware to operators based in India, the security researchers also noted a connection to the HiddenTear ransomware, an open-source strain developed by a Turkish programmer who released a proof-of-concept version on GitHub.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/05/26/promoting_goodwill_via_malware_extortion/