lockbit3 attacks Goodwill
Incident Date:
August 28, 2022
Overview
Title
lockbit3 attacks Goodwill
Victim
Goodwill
Attacker
Lockbit3
Location
First Reported
August 28, 2022
Goodwill Ransomware Attack: A Unique Twist on Cybercrime
Introduction
Goodwill Industries of New Mexico, a nonprofit organization dedicated to providing job training, employment placement, and other community-based services, recently fell victim to the ransomware group Lockbit3. The attack was disclosed on the group's dark web leak site, highlighting the vulnerability of even non-profit organizations to cyber threats.
Impact on Goodwill Industries of New Mexico
As an entity that plays a crucial role in supporting the unemployed, veterans, and homeless individuals through job skills training and other services, Goodwill Industries of New Mexico's operations are vital to the community. The ransomware attack not only threatens the organization's data integrity but also its mission to assist those in need.
Unconventional Ransom Demands
What sets this ransomware attack apart is the nature of the demands. The attackers are not seeking monetary compensation but are instead requiring victims to engage in charitable acts. These include donations to local food banks or animal shelters, volunteer services, or feeding underprivileged children. This approach, while seemingly benevolent, disrupts operations and poses ethical dilemmas.
Technical Analysis of the GoodWill Ransomware
Identified by CloudSEK in March 2022, the GoodWill ransomware is developed in .NET and employs the AES encryption algorithm to lock target files. A notable feature of this malware is its extended sleep time of 722.45 seconds, designed to evade dynamic analysis and detection.
Previous Security Incidents
This is not the first cybersecurity challenge faced by Goodwill Industries of New Mexico. In 2022, the organization reported a website hack that compromised personal information, including contact details of its patrons. The breach was a result of an exploited vulnerability, which has since been addressed.
Cybersecurity Measures for Nonprofits
The incident underscores the critical need for robust cybersecurity defenses, especially within the nonprofit sector. Organizations should implement comprehensive security measures, including anti-malware, antivirus, firewalls, and a diligent patch management process. Leveraging AI and ML for anti-ransomware solutions and network monitoring can further enhance protection against such threats.
The ransomware attack on Goodwill Industries of New Mexico serves as a stark reminder of the evolving landscape of cyber threats. Despite the unusual demands of the attackers, the potential for operational disruption and damage remains significant, emphasizing the importance of advanced cybersecurity practices.
Sources
- CloudSEK - GoodWill ransomware forces victims to donate to the poor and provides financial assistance to patients in need
- Packetlabs - GoodWill Ransomware Tasks Victims with Acts of Charity to Recover Data
- The Hacker News - New 'GoodWill' Ransomware Forces Victims to Donate Money and Clothes to the Poor
- SecurityWeek - Personal Information Compromised in Goodwill Website Hack
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.