Eerie GoodWill ransomware forces victims to publish videos of good deeds on social media

Credit to Author: Christopher Boyd| Date: Wed, 25 May 2022 16:25:17 +0000

Ransomware does what the name implies: holds your files or network to ransom. Pay the authors, typically in cryptocurrency, and you may get your files back. Refuse, and the files could be lost forever or even leaked to the far corners of the net.

Sometimes creators of ransomware try different things. In this case, a proof of concept called GoodWill ransomware’s approach is to force victims into performing seemingly nice tasks instead of pay a ransom.

Hunting for GoodWill

GoodWill ransomware functions like any other, at least in terms of basic functionality. It encrypts the most common file types: videos, documents, photos, databases. Without the decryption key, you won’t be able to recover your locked files.

There’s one key difference, however. The people behind this attack want victims to get out there and do some public good. Perform three good deeds, and you get your files back. That’s right: No cryptocurrency payment, no gift card codes required.

Hoop jumping as kindness

Things quickly become a bit disturbing.

Imagine: you’ve just had your computer locked up with ransomware. You’re told you must perform three acts of kindness to get your files back. The catch: you have to film and upload these good deeds to social media. Is this already beginning to creep you out? Because it should.

To be clear: criminals are asking victims of crime to humiliate themselves on social media to recover things stolen from them.

The three “activities” that victims are asked to do in order to get their files back are as follows:

“Activity 1”

“That we all know Thousands of people die due to sleeping on the roadside in the cold because they do not have clothes to cover their body.
So, your 1st task is to provide new clothes/blankets to needy people of road side and make a video of this event.
Later post this video/photo to your Facebook, Instagram and WhatsApp stories by using photo frame provided by us and encourage other people to help needy people in winters. Take a screen shot of your post and send email to us with valid post link, later our team will verify the whole case and promotes you for the next activity.
It’s Does not costs you high but matters for humanity.”

“Activity 2”

“Thousands of poor children have to sleep hungry in the long cold nights, because those ill-fated people have no luxury to have dinner every night in this cruel world. You cannot feed them food for life, but you can give them 2 moments of happiness!
How!! Hmm, Listen. In the evening, pick any 5 poor children (under 13 years) of your neighborhood and take them to Dominos Pizza Hut or KFC, then allow them to order the food they love to eat and try to make them feel happy. Treat those kids as your younger brothers. Take some Selfies of them with full of smiles and happy faces, Make a beautiful video story on this whole event and again post it on your Facebook and Instagram Stories with photo frame and caption provided by us. Take a screen shot of your posts, snap of restaurant’s bill and send email to us with valid post link, later our team will verify the whole case and promotes you for the next activity.
Help those less fortunate than you, for it is real human existence.”

“Activity 3”

There are so many people in the world who have suffered the pain of losing their loved ones due to lack of money. Lack of money is the biggest misfortune to get medical treatment at the right time.
Hmm, what’s your duty now! Hmm, Listen again! Visit the nearest hospital in your area and observe the crowd around you inside the hospital premises. You will see that there will be some people who need certain amount of money urgently for their medical treatment, but they are unable to arrange due to any reason. You have to go near them and talk to them that they have been supported by you and they do not need to worry now, Finally Provide them maximum part of required amount. Again, Take some Selfies of them with full of smiles and happy faces,
Record Audio while whole conversation between you and them and send it to us.
Write a beautiful article in your Facebook and Instagram by sharing your wonderful experience to other peoples that how you transform yourself into a kind human being by becoming Victim of a Ransomware called Good Will.

Once the victim has performed all three tasks, they must send the links and the gang promises to “verify the whole case” and hand over the decryption keys.

No good will for GoodWill

Aside from anything else, this is incredibly invasive of people’s privacy. Do the people in the videos get a say in this? It seems they do not.

This is genuinely one of the most disturbing infection-themed attacks I’ve seen in a long time. Turning people into some sort of game show contestant, complete with performative acts of kindness which are only occurring because of blackmail, flies in the face of their alleged intended goal.

We also have no indication if the authors intend to change their tasks at a later date. Reports mention the file attempts to geolocate victims. Could we see location-themed tasks which account for differences in rules, funding, social norms? Or is it a dice-roll in terms of hoping you’re assigned tasks you’re actually able to complete?

Despite the file name, there’s not a lot to feel good about here. Asking for cryptocurrency payments to release files and hope they’re not leaked is bad. Making people upload videos of themselves performing baffling and potentially dangerous tasks feels even worse.

Malwarebytes detects GoodWill as Ransom.FileCryptor.MSIL.Generic.

We are yet to see anyone being infected with the ransomware, so can only hope this never makes it off the drawing board in any significant capacity.

The post Eerie GoodWill ransomware forces victims to publish videos of good deeds on social media appeared first on Malwarebytes Labs.

https://blog.malwarebytes.com/feed/