
Ransomware has long been a serious threat to organisations worldwide as the operational, reputational, and financial impacts of an attack can be catastrophic.

Paying the ransom is presented by attackers as the path of least resistance, but traditionally this money only goes to fund criminal gangs and terrorism – with no guarantees that the data will be restored, or future breaches will not occur.

Most security-minded people will already know this, and the fight to beat ransomware is often seen as extremely black and white. However, in recent times a new breed of hacktivism has appeared across Europe and America, dubbed ‘Ethical Ransomware’.

What is Ethical Ransomware?

Back in May 2022, The Hacker News reported that CloudSEK researchers had discovered a new ransomware strain two months earlier, called “GoodWill”.

The reason this was an interesting discovery is that GoodWill's operators did not ask for money after encrypting the files; they asked for donations to social causes and financial assistance for people in need. They demanded that victims carry out three activities and provide them with evidence before releasing the decryption key.

So, if you were to define Ethical Ransomware, you could say that it is “the act of holding an organisation to ransom until they ‘improve’ their behaviour, make charitable donations or further a cause that is important to the attackers.”

Why is this a risk?

With protest groups becoming commonplace, disrupting sporting events, blocking roadways, and shutting down busy areas, people are becoming more active in fighting for social justice.

The low cost, ease of access and anonymity behind ransomware attacks make them an easy tool for protest. They also add an additional element of threat: reputational damage is increased, and staff are placed in a position where they may in fact support the attacker’s cause and feel conflicted about how to act, or whether they should.

How to combat Ransomware?

The solution is not as simple as ‘being ethical’, as even the purest organisations can be held to ransom to make charitable donations, but there are tangible steps that can be taken to limit your exposure to ransomware.

Keeping Backups – Every business should keep backups of their data in multiple locations. The more frequent and thorough your backups are, the easier it is to wipe and replace your data once the gap in your security has been plugged.

However, because many attacks lie dormant for a time in advance to ensure backups are also infected, step 2 would be keeping your anti-malware, antivirus and other defensive measures up to date. Many leading security solutions offer anti-ransomware features that track and predict file behaviour. Ensuring you are able to detect zero-day attacks before they make it into your network and onto your backup files is a critical step.

Run a robust vulnerability management program to ensure that any newly discovered system weaknesses are patched, and leverage monitoring solutions that ensure your users and applications are acting in line with company policies. Whether you leverage SIEM technology, opt for Managed Detection and Response or choose to outsource your security to an MSSP, continuous monitoring of your environment is essential to detecting anomalies as they occur.

Educating employees about phishing emails and other social engineering tools will ensure they can identify risks, but it is also important to consider that insider threats at the Endpoint level could intentionally set off an attack if ethical causes come into play. So, data input from USB and other external sources should be regulated effectively.

Using ransomware for ‘good causes’ is an emerging threat and, despite the idealistic intentions, the impact is still as heavy on organisations as traditional ransomware. Having access to fast, discreet and experienced Incident Response services is a great way to limit reputational damage from an attack of this nature.

If you are concerned about ransomware or feel you may have gaps in your defences, contact us and we can review your current security posture, highlight the gaps you need to remediate and make recommendations for effective changes that will enhance your cyber security position.

Pentesec is an award-winning cyber security Managed Service Provider and consultancy that offers Managed Detection and Response, Managed SIEM, Managed VM services and more from our UK-based Security Operations Centre.

We help businesses achieve maximum protection from evolving threats using intelligent automation and human expertise.