0 %

New ‘GoodWill’ Ransomware Forces Victims to Donate Money and Clothes to the Poor

May 30, 2022

Cybersecurity scientists have actually divulged a brand-new ransomware stress called A Good Reputation that urges targets right into giving away for social reasons and also give monetary aid to individuals in demand.

” The ransomware team circulates really uncommon needs for the decryption secret,” scientists from CloudSEK said in a record released recently. “The Robin Hood-like team asserts to be curious about assisting the much less privileged, instead of obtaining targets for monetary inspirations.”


Created in.NET, the ransomware was initially determined by the India-based cybersecurity company in March 2022, with the infections providing delicate data unattainable without decrypting them. The malware, that makes use the AES algorithm for file encryption, is likewise significant for resting for 722.45 secs to disrupt vibrant evaluation.

The file encryption procedure is complied with by presenting a multiple-paged ransom money note that calls for the targets to execute 3 socially-driven tasks to be able to acquire the decryption package.

This consists of giving away brand-new garments and also coverings to the homeless, taking any type of 5 impoverished youngsters to Domino’s Pizza, Pizza Hut, or KFC for a reward, and also supplying financial backing to clients that require immediate clinical focus yet do not have the monetary methods to do so.

Furthermore, the targets are asked to videotape the tasks in the kind of screenshots and also selfies and also upload them as proof on their social networks accounts.

” As soon as all 3 tasks are finished, the targets must likewise create a note on social networks (Facebook or Instagram) on ‘Just how you changed on your own right into a kind human being by coming to be a sufferer of a ransomware called A good reputation,'” the scientists claimed.

There are no recognized targets of A good reputation and also their specific methods, strategies, and also treatments (TTPs) utilized to assist in the strikes are vague yet.


Likewise unacknowledged is the identification of the hazard star, although an evaluation of the e-mail address and also network artefacts recommends that the drivers are from India which they talk Hindi.

More examination right into the ransomware example has actually likewise exposed considerable overlaps with an additional Windows-based stress called HiddenTear, the initial ransomware to have actually been open-sourced as a proof-of-concept (PoC) back in 2015 by a Turkish designer.

” A good reputation drivers might have accessed to this enabling them to produce a brand-new ransomware with needed alterations,” the scientists claimed.

Posted in SecurityTags:
Write a comment