Ransomware HelloKitty

The HelloKitty ransomware, also known as FiveHands, has become quite relevant, to the point of drawing the attention of CISA and the FBI.

The group was first spotted in December 2020 and remains active to this day. Their biggest publicized attack was on CD Projekt Red, the electronic game company known for “The Witcher” franchise.

HelloKitty uses the Ransomware as a Service (RaaS) tactic, which allows ransomware to be bought and sold to anyone, thus making the group’s reach greater.

In most attacks, systems are compromised through a vulnerability in the defense system known as SonicWall.

The FBI reported that, in addition to encrypting the machine, the group puts pressure on the victim by giving them a deadline to pay; if the deadline expires, the information will be leaked or sold to third parties.

For each target, the hackers make an assessment to determine a ransom amount; however, all payments must be made in Bitcoin.

In December 2020, the featured victim was the Brazilian company Companhia Energética de Minas Gerais (CEMIG). The attack paralyzed the system for 3 days, and the company’s staff chose not to negotiate with the group but to make a backup of all the information.

Thanks to this intrusion, we had access to the encryption key that HelloKitty uses, RSA-1024, a very common encryption algorithm among ransomware. After the data is encrypted, the extension “.kitty” or “.crypted” is added to each infected file.

HelloKitty ransomware comes from the same family as Scarab ransomware. Besides FiveHands, it has other name variations, such as:

  • KittyCrypt
  • Kitty Ransomware

Recover files encrypted by HelloKitty ransomware

HelloKitty is one of thousands of ransomware extensions that exist on the Internet, and we at Digital Recovery have the profile to recover files encrypted by ransomware. We have been working with data recovery for over 23 years, seeking to recover encrypted files without negotiating with hackers. Our company has a technology known as Tracer, capable of drastically reducing file recovery time and elevating our results.

We also provide clients with a confidentiality agreement (NDA) that guarantees their data will not be disclosed.

If you are looking for solutions to recover data encrypted by ransomware, Digital Recovery is the right choice. Start your diagnosis now.
