Security researchers have discovered a rather unusual new strain of ransomware, which promises to donate all earnings to a children's charity if victims pay to decrypt their files, as well as providing free technical support for three years to help the victim prevent future attacks.
According to Heimdal Security, the cybercriminals behind the Charity Team ransomware are trying to psychologically manipulate victims into paying a ransom of 5 bitcoins more quickly, rather than ignoring the demand and waiting for the cybersecurity community to come up with a free solution to the problem.
There are now many types of ransomware online that infect users' computers and encrypt their files, and the only way to get the files back is to pay a ransom in bitcoins. This type of malware often threatens to delete the victim's files if they do not pay up, but the difference is that Charity Team warns victims that its "main server" will automatically double the price of the ransom if they do not take up the initial "offer".
The cybercriminals word their demand as if they are doing the victim a favour by offering them a good deal – not only will the victim get their files back and have access to "free tech support for solving any PC troubles for three years", but the user's name will also apparently be recorded and remembered through history for their charitable donation.
Unsurprisingly, Heimdal Security takes a dim view of this approach to extorting money from users who are unlucky enough to have their computers hijacked by the malware.
"So it wasn't enough that they kidnapped the data and set a time limit for the payment, after which the ransom would double, but they had to play the charity card as well?" writes Andra Zaharia, a security specialist at Heimdal Security, in a blog post.
Zaharia also warns that although the ransomware might seem more gentle than, say, the awful Saw horror movie-themed Jigsaw ransomware that deletes files every hour that the victim delays paying the ransom, Charity Team is actually a variant of CryptoWall 4 and includes CryptXXX components.