lockbit3 attacks Goodwill

Incident Date:

August 28, 2022

World map

Overview

Title

lockbit3 attacks Goodwill

Victim

Goodwill

Attacker

Lockbit3

Location

Albuquerque, USA

New Mexico, USA

First Reported

August 28, 2022

Goodwill Ransomware Attack: A Unique Twist on Cybercrime

Introduction

Goodwill Industries of New Mexico, a nonprofit organization dedicated to providing job training, employment placement, and other community-based services, recently fell victim to the ransomware group Lockbit3. The attack was disclosed on the group's dark web leak site, highlighting the vulnerability of even non-profit organizations to cyber threats.

Impact on Goodwill Industries of New Mexico

As an entity that plays a crucial role in supporting the unemployed, veterans, and homeless individuals through job skills training and other services, Goodwill Industries of New Mexico's operations are vital to the community. The ransomware attack not only threatens the organization's data integrity but also its mission to assist those in need.

Unconventional Ransom Demands

What sets this ransomware attack apart is the nature of the demands. The attackers are not seeking monetary compensation but are instead requiring victims to engage in charitable acts. These include donations to local food banks or animal shelters, volunteer services, or feeding underprivileged children. This approach, while seemingly benevolent, disrupts operations and poses ethical dilemmas.

Technical Analysis of the GoodWill Ransomware

Identified by CloudSEK in March 2022, the GoodWill ransomware is developed in .NET and employs the AES encryption algorithm to lock target files. A notable feature of this malware is its extended sleep time of 722.45 seconds, designed to evade dynamic analysis and detection.

Previous Security Incidents

This is not the first cybersecurity challenge faced by Goodwill Industries of New Mexico. In 2022, the organization reported a website hack that compromised personal information, including contact details of its patrons. The breach was a result of an exploited vulnerability, which has since been addressed.

Cybersecurity Measures for Nonprofits

The incident underscores the critical need for robust cybersecurity defenses, especially within the nonprofit sector. Organizations should implement comprehensive security measures, including anti-malware, antivirus, firewalls, and a diligent patch management process. Leveraging AI and ML for anti-ransomware solutions and network monitoring can further enhance protection against such threats.

The ransomware attack on Goodwill Industries of New Mexico serves as a stark reminder of the evolving landscape of cyber threats. Despite the unusual demands of the attackers, the potential for operational disruption and damage remains significant, emphasizing the importance of advanced cybersecurity practices.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.