Blake Dowling: Hackers for good? Robin Hood and ‘goodwill ransomware’

Robin Hood standing with bow and arrows. Robin Hood in ambush. Defender of weak. Medieval legends. Heroes of medieval legends. Halftone background.
In the world of cybercrime, we have seen this year the emergence of some Robin Hood-type crimes.

Who feels like a wager? Place your bets, boys and girls. How many (theatrical) versions of Robin Hood are there?

Survey says 18.

That is quite a bit; usually, I only think of three: Men in Tights, the one with Hans Gruber as the Sheriff (bad guy in Die Hard), and then (of course) the animated one from my childhood.

I am sure many of you remember the 1970s Sean Connery one fondly, but that is before my time (just barely), and the classic from 1938 with Errol Flynn some of you might also enjoy, but let’s face it, that film is a snoozer compared to Mel Brooks’ version.

One thing stays the same throughout all versions of Robin and his Merry Men (Why were they so merry, anyway? No showers, no Netflix.) — their mission was to rob the rich and give to the poor.

In the world of cybercrime, we have seen this year the emergence of some Robin Hood-type crimes among a certain group of hackers and what they are launching around Florida and the nation.

It’s called “goodwill ransomware.”

As I discussed in a column last month about the Costa Rican government hit by ransomware; the typical ransomware attack goes after a business, individual or government. Usually, it’s a bogus email embedded with a link that, when clicked, freezes all files on that computer and all computers connected to it.

Next, a demand for payment (ransom); if paid, the hackers will in turn supply the encryption keys to unlock your files.

It’s fair to say that by now, most of us have heard of this scenario, but the goodwill attack is quite different. You still have a fake email or malicious website exposing you or your organization to an encryption attack — but then something rather bizarre happens after you click and things get encrypted.

These hackers do not ask for cryptocurrency to get your files back; instead, they ask you to do something good for the world? Eh?

Hackers behind this attack literally want to send you on a scavenger hunt of good activity (documenting it digitally) before they return access to your files.

Once infected, the first thing you see on the screen are hackers describing themselves as non-hungry for money and wealth, but they want to help the poor and needy.

Your first task — if you choose to engage with them — is to donate new clothes and blankets to the homeless.

After that, you will need to take underprivileged kids to Taco Bell, Pizza Hut, and KFC.

(Funny side story. My old office in Atlanta had one building with all (3) of these establishments — we used to call it the Triple Threat. You could get a slice, chicken leg and taco all at the same time. Yum.) Moving on: The next mission on your ransomware quest is to visit a hospital and bring joy (and donations) to those in trouble there.

While the sentiment behind this is touching, and our world could use a massive influx of kindness, this is not the way to do it.

Avoid cybercrime at all costs, due to the disruption caused by networks being offline for potentially extended periods.

Always have a redundant cloud and on-premises backup of your systems (not just files) ready to be deployed so that you can restore from backup versus paying ransoms.

Also, have two-factor authentication on all machines. Force your team to undergo email phishing simulations and cyber-training to make sure they are prepared for when the real thing happens and invest in advanced cyber-protection.

It should not take hackers extorting us to send out kindness, so as some incentive here are some local organizations in Florida that we all know need our help: Refuge House serving the Big Bend Area of North Florida, Big Brothers Big Sisters of The Big Bend — Youth Mentoring, Second Harvest of the Big Bend, Goodwill Industries — Big Bend, Inc. and Big Bend Habitat for Humanity.

Our friends at The Jerusalem Post say these hackers are most likely based in India, as that is where the trail of email and IP addresses lead.

But let’s be clear here, there was only one Robin Hood who ran around Britain in the 1300s and these folks are not him.

Be safe out there Florida.


Blake Dowling is the CEO of Aegis Business Technologies and directed this short film celebrating the company’s 25 years in business in Florida. Cheers to it!

No animals were harmed (just annoyed) during the filming of this project.

The star of our Aegis 25th video, Pete, is now on Instagram @PeterTheDestroyer.

Blake Dowling

Blake Dowling is CEO of Aegis Business Technologies. His technology columns are published by several organizations. Contact him at [email protected] or at


  • Yeah

    June 5, 2022 at 6:02 pm

    Hackers for give me some of that money share and spend

  • Yeah

    June 5, 2022 at 6:07 pm

    Not that I do not sacrifice I have no moneys but I still give. People think no one deserves just there go fund me takes priority.people hurt in the torture

  • Yeah

    June 5, 2022 at 6:10 pm

    All it is about me and my able body life style and my 500,000 dollar home is the kindnesses.we all deserve that welfares

  • Yeah

    June 5, 2022 at 6:23 pm

    In reality within this havac it is telling you no you are not so smart and judgement is upon you not under you

Comments are closed.


Florida Politics is a statewide, new media platform covering campaigns, elections, government, policy, and lobbying in Florida. This platform and all of its content are owned by Extensive Enterprises Media.

Publisher: Peter Schorsch @PeterSchorschFL

Contributors & reporters: Phil Ammann, Roseanne Dunkelberger, A.G. Gancarski, Anne Geggis, Kelly Hayes, Ryan Nicol, Jacob Ogles, Gray Rohrer, Jesse Scheckner, Christine Sexton, Andrew Wilson, Wes Wolfe, and Mike Wright.

Email: [email protected]
Twitter: @PeterSchorschFL
Phone: (727) 642-3162
Address: 204 37th Avenue North #182
St. Petersburg, Florida 33704

Sign up for Sunburn