Goodwill Ransomware making victims donate to poor


There seems to be a Robinhood among those spreading ransomware crime, as according to a study conducted by digital threat monitoring firm CloudSEK, a new ransomware variant is asking victims to donate the demanded ransom to the poor and destitute.

Yes, a novel ransomware variant named ‘Goodwill Ransomware’ is asking its targets to make donations to organizations that feed the poor and destitute.

Interestingly, the said ransomware group of hackers is also being asked to donate money to pizza outlets, which feed the poor.

Currently, Goodwill Ransomware is only being spread in countries like India, Pakistan, and some parts of Africa.

CloudSEK researchers state that the new ransomware group was identified in March 2022 and seems to be interested in promoting social justice rather than making financial gains.

How the hackers are dealing with the issue is also innovative. They are asking victims to pay in three ways for a decryption key-

1.) First, donate money to the needy who are in hospital and urgently need the money for treatment. The victim has to donate the money, record the entire event of donation and the treatment carried out later, and contact the hackers with a video or audio file.

2.) Second is to donate new clothes to the poor, record the event, and email the recorded AV file to the Goodwill hackers.

3.) Third is even more fascinating as the victim needs to take the poor and hungry children to either a Dominos or pizza hut outlet, pay for their food, and then record the event and send that file to the hackers.

Note- The Indian law enforcement is behind the Goodwill gang since April 2022 and found their whereabouts a few days ago. They are busy nabbing criminals and are interested in knowing the digital power behind them as the suspicion finger is pointing at a small-time hacking group from North Korea.


Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display