"
Once infected, the GoodWill ransomware worm encrypts documents, photos, videos, database, and other important files and renders them inaccessible without the decryption key.
"The actors suggest that victims perform three socially driven activities in exchange for the decryption key- donate new clothes to the homeless, record the action, and post it on social media, take five less fortunate children to Dominos Pizza Hut or KFC for a treat, take pictures and videos, and post them on social media and provide financial assistance to anyone who needs urgent medical attention but cannot afford it, at a nearby hospital, record audio, and share it with the operators," the report said.
Once all three activities are completed, the ransomware asks victims to write a note on social media (Facebook or Instagram) on "how you transformed yourself into a kind human being by becoming a victim of a ransomware called GoodWill."
Upon completing all three activities, the ransomware operators verify the media files shared by the victim and their posts on social media.
The actor will then share the complete decryption kit which includes the main decryption tool, password file and a video tutorial on how to recover all important files, the report said.
"Our researchers were able to trace the email address, provided by the ransomware group, back to an India-based IT security solutions & services company, that provides end-to-end managed security services," the report said.
SEE ALSO: