Many people assume that once a device is infected with ransomware, the victim must pay a high ransom to get their data back. But now there is a new form of ransom: doing good deeds. CloudSEK's threat intelligence research team recently found a ransomware strain called "GoodWill". If victims want to obtain the key, they must do some good deeds: provide food and blankets to less fortunate people, or donate money to patients. In general, victims must participate in three activities to recover their data.
The first activity asks you to provide clothes and blankets to people in need along the road and make a video of yourself doing so. The video must also be posted on social media to encourage others. This information must then be emailed to the attacker as evidence of completion.
The second activity requires you to feed five children at a fast food chain and treat them well while doing so. Victims must also take selfies with them and again publish these photos and videos on social media. An image of the restaurant bill and a link to the social media post must then be sent to the attacker.
The third activity forces you to go to a hospital and pay for medical care for people in need of financial assistance. Selfies must also be taken and the conversations recorded on audio as evidence. Then you have to post a "beautiful article" about the assistance on social media and explain to people how becoming a victim of the GoodWill ransomware is basically the best thing that has happened to you.
Once the attacker has verified all the information, they will send a decryption tool so that you can recover your files.
CloudSEK was able to trace the IP and e-mail addresses back to an Indian IT company that allegedly manages end-to-end security. GoodWill is similar to the HiddenTear ransomware, and CloudSEK also found strings in the code written in Hinglish, such as "error Hai bhaiya", which translates to "there is an error, brother".