GoodWill ransomware: is it a force for good?
3 min read
New forms of ransomware appear regularly, but most follow the same formula: prevent a user from accessing some important files and then demand a large sum of money as a ransom. But GoodWill ransomware is different. The hackers behind this attack aren’t asking for money but rather for their victims to perform acts of kindness for the poor. So what is GoodWill ransomware, and how does it work?
What is ransomware?
Ransomware is a type of malicious software, or malware, which installs itself secretly on a victim’s device. Next, it encrypts some or all of the data on the device, preventing the user from accessing their files.
Included in the malware will be a ransom note, informing the victim of the attacker’s demands. In most cases, this will involve the victim sending the perpetrator money in return for an encryption key that will unlock their files.
Companies lose huge amounts of money every year as a result of these attacks, but individuals are also regularly targeted.
How does GoodWill ransomware work?
So what makes GoodWill ransomware different? Primarily, it’s the terms of the hackers’ demands. Instead of trying to extort money from the victim, the ransom note urges the reader to do a series of charitable deeds, documenting the process with photos and videos to prove that they’ve met the terms.
The required responses to the demands play out in the three stages. First, the victim must provide blankets and clothes to homeless people in their area, before posting proof of their actions to social media.
Then they’re told to find five “poor children” in their local area and take them out for dinner. Photos of the childrens’ “full smiles and happy faces” must be sent to the hacker.
Finally, the note instructs victims to offer financial assistance to people who are struggling to pay for medical treatment. If this final stage is completed, the note explains, the encryption key will be provided.
Who is behind GoodWill?
In case it wasn’t obvious, this is not normal behavior from ransomware attackers. So who is actually behind the operation?
For now, it’s impossible to say for sure, because no hacking collective or activist group has claimed responsibility. But analysts believe the people behind GoodWill are native Hindi speakers, and this hypothesis is partially backed up by the fact that it was an Indian security firm that first identified the malware.
It’s extremely difficult to track attacks like this to a definite source, however, so we may never know for sure.
The rise of hacktivism
While the GoodWill ransomware attack stands out from the crowd, the use of hacking to promote social causes is nothing new.
This activity, sometimes called hacktivism, is the main focus for groups like Anonymous, which uses digital attacks for what it perceives to be the greater good. Broadly speaking, there are two major forms of hacktivism.
- Disruption and defacement. Hackers sometimes use DDoS attacks and other strategies to make websites inaccessible, disrupting the operations of businesses or governments they oppose. Sometimes, this disruption comes in the form of defacement, a practice in which hackers edit or add text to a website to raise awareness of the issues they’re concerned with. After Russia invaded Ukraine, for example, hackers managed to post information about the war on Russian news sites, disrupting the Kremlin’s propaganda campaign.
- Data breaches. One of the most effective hacktivist strategies is the leaking of sensitive data. This could involve exposing businesses for malpractice or revealing incriminating data about government activity. In the past, hackers have stolen information from police databases in the US and used it to highlight potential links between law enforcement officers and white supremacist groups.
Are the GoodWill hackers in the right?
For now, GoodWill ransomware doesn’t seem to pose a huge threat; news agencies have so far struggled to identify any victims of the attack. That being said, it does raise interesting ethical questions.
How can the hackers behind this software be sure that they’re not accidentally targeting the poor and dispossessed they claim to want to help? And what gives them the moral authority to dictate the actions of other people?
While this malware focuses on individuals, businesses are usually the preferred target for ransomware operators. In the future, we could see more hacktivists using similar strategies to force corporations or even governments into performing acts of charity.
But while some may applaud this approach, the idea of an anonymous hacker’s personal ideology and worldview dictating the actions of people and corporations on the other side of the planet should be cause for concern. Vigilantism is rarely without risk.
Want to read more like this?
Get the latest news and tips from NordVPN.
