Security researchers from Heimdal Security have discovered a new ransomware variant that promises to donate the ransom money to charity. As usual the ransomware is distributed as email attachment or through unpatched software and once it becomes active it encrypts all kinds of file.
Once files are encrypted the ransomware shows a screen with instruction on how to decrypt the files. The text, written in poor English, demands that the user buys special software to decrypt the files and adds that the software will protect the computer and makes the user eligible for 3 years of tech support. The software is very expensive, the criminals demand a ransom of 5 Bitcoins, currently worth about $2240. If the victim doesn't pay within 24 hours, the ransom is doubled.
The good news is that the money will be spent well, the cybercriminals write in their ransom note, "your money will be spent for the children charity. So that is mean that You will get a participation in this process too. Many children will receive presents and medical help!"
And they also provide something in return, "We trust that you are kind and honest person! Thank You very much! We wish You all the best! Your name will be in the main donors list and will stay in the charity history!"
Obviously there is no way of checking whether the ransom will indeed go to charity, our gut feeling says no. Also, the FBI recommends to never pay a ransom because it encourages cybercriminals to continue with their practices.
