EXECUTIVE SUMMARY:

CryptoMix ransomware is nothing new, but pretending that the collected ransom goes to a charity breaks new ground.

CryptoMix first came on the scene in 2016, but it has reappeared in a new campaign. As ZDNet reports, hackers launch the ransomware by going after weak passwords, using brute force attacks to get inside the network. From there, they steal admin credentials to have free rein to infect and encrypt servers and wipe backups.

Victims are warned that running security software while the ransomware is installed could cause permanent damage (a common tactic, ZDNet notes). They’re also served a ransom note instructing them to send an email to the ransomware distributors.

If a victim follows through with the email, that’s when the real show unfolds. The hackers claim to be using the proceeds to support an international children’s charity. Awww, how thoughtful. Apparently, the thought is that victims will feel even better about paying the ransom to unlock their files.

But the children’s charity angle isn’t just a throwaway line. According to ZDNet, the hackers actually went to the trouble of taking information about real children from crowdfunding and local news websites. “The hackers claim that children will receive presents and medical help as a result of the payment — but also threaten that the ‘donation’ will be doubled if the payment isn’t received within 24 hours,” ZDNet writes.

Having the right security solutions in place can prevent ransomware from getting into the network. Outside of that, the best approach is to keep systems patched, updated, and backed up.

Get the full story at ZDNet.