A still-unknown threat actor wants to be the Robin Hood of the cyber era, albeit with a twist. Instead of stealing from the rich and giving to the poor, this group is forcing its victims to give directly to the poor, by holding their valuable data hostage until they do.
CloudSEK cybersecurity researchers recently uncovered a ransomware strain called “GoodWill” that still infects businesses, but instead of asking for payment, it demands acts of goodwill towards the less fortunate, all of which must be documented and showcased both publicly and to the threat actor himself.
Help the poor
Once a company is infected with GoodWill, it needs to do three things:
- Provide new clothes and warm blankets to homeless people found on the side of the road. The victim must also document the act with photos and videos, put them in the photo frame provided by the attackers and then share them on their social media (Facebook/Instagram/WhatsApp). Screenshots of these posts need to be sent back to the attackers along with the links to get the second task:
- Buy food for poor children. In the evening, five poor children have to be taken to their favorite fast food restaurant and allowed to order whatever they want. The steps for this task are the same: document, post online, share with the attackers. Finally, step number three:
- Go to the nearest hospital and pay for someone’s treatment.
After all these things, the victims are required to write a “nice article” about their actions and discuss how suffering an attack by GoodWill has turned them into kind people. Once the threat actor confirms that everything went as requested, the victims will receive the decryption key.
Researchers have apparently traced the attackers to India, and while they cannot be absolutely certain, they suspect it is the same malware group running the HiddenTear ransomware.
Via: Neowin