GoodWill Ransomware Tries to Play at Robin Hood

GoodWill is a relatively new ransomware strain analyzed by security researchers with CloudSEK.

What particularly sets GoodWill aside from the majority of other ransomware clones and bigger families is the ransom note and purported motivation of the ransomware's operator. GoodWill does its best to persuade victims and the world at large that the group behind it is not a bunch of cybercriminals but benefactors and champions of noble causes. Of course, that is difficult when you are using cyber extortion tactics.

The GoodWill contains a surprisingly long ransom note, suggesting that the victim of the malware should perform weird acts of charity. The first page calls to "provide new clothes/blankets to needy people" and even "make a video of this event". The second "good deed" is taking poor children "from your neighborhood" and taking them out for pizza, to "make them feel happy". The third page asks the ransomware victim to go to a hospital and help people who need money for treatment.

Those extremely unusual requests are what the hackers expect in order to send a decryption key.

On the technical side of things, GoodWill encrypts files using AES. The ransomware is written and compiled using .NET and is then packed using UPX packer tools.

The ransomware, once executed, sleeps for over 10 minutes, in an attempt to dodge dynamic analysis. The examination performed by CloudSEK shows a significant overlap between GoodWill and the HiddenTear ransomware, which got its proof of concept code uploaded publicly online.

By Zaib
June 1, 2022
Ransomware
English
June 1, 2022
Ransomware

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

Ransomware

Ransomware Payments Drop as Victims Refuse to Play Along

Security researchers have spotted a new trend in global ransomware attacks - victims who refuse to play along with the cyber criminals and outright decide not to pay the ransom money are growing in number. This trend... Read more

February 4, 2021
Ransomware

KUKANOS Ransomware Tries to Keep Files Out of Reach

Ransomware is a popular cyberattack that is capable of seizing on your computer and taking all of the data. The hacker encrypts all of the data and then will release it for you if they receive payment. This type of... Read more

January 21, 2022
Computer Security

Ragnar Ransomware Gang Tries to Scare Victims

The Ragnar ransomware gang, one of the relatively big threat actors in the ransomware landscape, has published a strange post on its dark web portal. The gang seems to be trying to use more cheap social engineering... Read more

September 8, 2021
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.