Ransomware encrypts files, demands three good deeds to restore data In what is either a creepy, weird spin on Robin Hood or something from a Black Mirror episode, we're told a ransomware gang is encrypting data and then forcing each victim to perform three good deeds before they can download a decryption tool. The so-called GoodWill ransomware group, first identified by CloudSEK's threat intel …
No. not really. Can you clearly explain how "going to the hospital and paying someone's bills" is creepy?
The whole article reads like "These guys aren't even asking for MONEY!!!!!! What the fuck is wrong with them?? Can you BELIEVE the RIDICULOUS things they're making people do? Like, nice things, yeah, but for POOR PEOPLE?!?!".
Here is the UK, you can do task 1 in most towns but giving to a homeless shelter would be better.
Task 2 won't end well if you try to collect a random bunch of kids with offers of pizza.
Task 3 basically requires your paying vast amounts for things like vanity based cosmetic surgery (not covered by NHS free treatment).
"going to the hospital and paying someone's bills" => Not (necessarily) creepy.
"take some selfies with them with full of smiles and happy faces, record the full audio of the interaction, and send it to the operators" => Creepy as all get out.
Task 2 will straight up get you arrested
Task 3 is effectively impossible unless you can find someone who can't afford the small fee for their prescription. I guess you could hang around a dentist and offer to pay those bills? but again, you'd probably end up talking with the police.
. . they would just send an email saying "You have been the recipient of a GoodWill message. Do three good things and document them on social media, then send this message to ten other companies. Thank you for your cooperation".
That way, the companies that truly have some good will will be honored for showing it, whilst the other will continue business as usual.
Umm, certainly in the UK extortion is illegal.
The fact is this ignores any good works already performed (not to boast but I've contributed to the Disasters Emergency Committee funds for Yemen, Ukraine, and others, and the local Women's Refuge, I regularly give my pristine, but old, books to the Oxfam bookshop, and 'donated' £30 I found on the street to charity).
As a single gay man, there is no way I am going to take some disadvantaged children to any fast food establishment without written permission from parents / guardians.
I would advise anyone else to be very careful too - "but your honour, my computer was infected by ransomware, I had to buy them some unhealthy food to get my data back" is an unlikely defence to child abduction.
Better check those backups.
I wonder what they extort from you once you've done the good deeds, given them access to your social media accounts, and downloaded and run their so-called decrypter. Maybe that's enough and they use the social media accounts to spread Russian government propaganda. I hear it pays well. Hackers are criminals, they criminate.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
