Ransomware FiveHands

FiveHands ransomware, also known as Hello Kitty ransomware, was discovered by CISA (Cybersecurity and Infrastructure Security Agency), a U.S. agency focused on cybersecurity, and its attacks have been going on since May 2020. The group uses the double extortion method: in addition to blocking the files, it also threatens to leak them. This tactic is used to pressure the victim to pay the ransom as soon as possible.

In some cases, if the victim does not pay or respond quickly, the group threatens to break into the company’s public website. The ransom payment is made in cryptocurrencies, and the amount of the ransom varies depending on the size of the attacked company.

The initial access of the FiveHands ransomware is different from that of other ransomware, which attacks victims through email campaigns. FiveHands uses VPN devices; this access allows the group to generate a VPN profile and enter the victim’s target network using the hostname, and then deploy the ransomware, thus initiating encryption.

The group became famous for attacking video game studio CD Projekt Red (producer of The Witcher and Cyberpunk 2077) in February this year. After the attack, the group confirmed on the dark web that the information stolen from the studio had been sold to a third party, but this was never actually confirmed.

The attacks are usually aimed at Linux servers using virtual machines. After the intrusion, the ransomware encrypts the victim’s data and, together with pCloud, synchronizes the files to the cloud, so that even if the victim shuts down the computer or the internet connection, the group can still extract the files to perform double extortion.

Recover Data Encrypted by FiveHands Ransomware

Authorities do not recommend paying the ransom, as such payments fund the criminal group with resources for further attacks.

Therefore, we at Digital Recovery have developed solutions capable of recovering files encrypted by ransomware. We can recover HD, SSD, Storage, RAID, Virtual Machines, Databases and others.

We work 24×7 in emergency mode. All our processes are backed by a confidentiality agreement (NDA) and are in accordance with LGPD (General Law of Data Protection).

Even if you have received a negative diagnosis or lead times do not meet your expectations, we accept the challenge of analyzing your case, with online follow-up and real-time feedback throughout the process. Contact us and see what we can do for your company.
