New forms of ransomware appear regularly, but most follow the same formula: prevent a user from accessing some important files and then demand a large sum of money as a ransom. But GoodWill ransomware is different. The hackers behind this attack aren’t asking for money but rather for their victims to perform acts of kindness for the poor. So what is GoodWill ransomware, and how does it work?
Ransomware is a type of malicious software, or malware, which installs itself secretly on a victim’s device. Next, it encrypts some or all of the data on the device, preventing the user from accessing their files.
Included in the malware will be a ransom note, informing the victim of the attacker’s demands. In most cases, this will involve the victim sending the perpetrator money in return for an encryption key that will unlock their files.
Companies lose huge amounts of money every year as a result of these attacks, but individuals are also regularly targeted.
So what makes GoodWill ransomware different? Primarily, it’s the terms of the hackers’ demands. Instead of trying to extort money from the victim, the ransom note urges the reader to do a series of charitable deeds, documenting the process with photos and videos to prove that they’ve met the terms.
The required responses to the demands play out in the three stages. First, the victim must provide blankets and clothes to homeless people in their area, before posting proof of their actions to social media.
Then they’re told to find five “poor children” in their local area and take them out for dinner. Photos of the childrens’ “full smiles and happy faces” must be sent to the hacker.
Finally, the note instructs victims to offer financial assistance to people who are struggling to pay for medical treatment. If this final stage is completed, the note explains, the encryption key will be provided.
In case it wasn’t obvious, this is not normal behavior from ransomware attackers. So who is actually behind the operation?
For now, it’s impossible to say for sure, because no hacking collective or activist group has claimed responsibility. But analysts believe the people behind GoodWill are native Hindi speakers, and this hypothesis is partially backed up by the fact that it was an Indian security firm that first identified the malware.
It’s extremely difficult to track attacks like this to a definite source, however, so we may never know for sure.
While the GoodWill ransomware attack stands out from the crowd, the use of hacking to promote social causes is nothing new.
This activity, sometimes called hacktivism, is the main focus for groups like Anonymous, which uses digital attacks for what it perceives to be the greater good. Broadly speaking, there are two major forms of hacktivism.
For now, GoodWill ransomware doesn’t seem to pose a huge threat; news agencies have so far struggled to identify any victims of the attack. That being said, it does raise interesting ethical questions.
How can the hackers behind this software be sure that they’re not accidentally targeting the poor and dispossessed they claim to want to help? And what gives them the moral authority to dictate the actions of other people?
While this malware focuses on individuals, businesses are usually the preferred target for ransomware operators. In the future, we could see more hacktivists using similar strategies to force corporations or even governments into performing acts of charity.
But while some may applaud this approach, the idea of an anonymous hacker’s personal ideology and worldview dictating the actions of people and corporations on the other side of the planet should be cause for concern. Vigilantism is rarely without risk.
Want to read more like this?
Get the latest news and tips from NordVPN.
We value your privacy