FiveHands Ransomware

FiveHands ransomware, also known as Hello Kitty ransomware, was discovered by CISA (Cybersecurity and Infrastructure Security Agency), the US cybersecurity agency, and has been under attack since May 2020. The group uses the double extortion method, which in addition to blocking the files also threatens to leak them, this tactic is used to pressure the victim to pay the ransom as soon as possible.

In some cases, if the victim does not pay or does not respond quickly, they threaten a break-in to the company’s public website. The ransom payment is made in cryptocurrencies, the ransom amount varies depending on the size of the company attacked.

The initial access of FiveHands ransomware is different from other ransomware, which attack victims through email campaigns, FiveHands uses VPN devices, this access allows them to generate a VPN profile and enter the victim’s destination network using the hostname and then deploy the ransomware thus initiating encryption.

The group became famous for attacking video game studio CD Projekt Red (producer of The Witcher and Cyberpunk 2077 games) in February this year. After the attack the group confirmed on the dark web that the information that was stolen from the studio had been sold to a third party, but this was never actually confirmed.

The attacks are usually aimed at Linux servers using virtual machines. After the invasion the ransomware encrypts the victim’s data, and together with pCloud synchronizes the files in the cloud, so that even if the victim turns off the computer or the internet the group can extract the files to perform double extortion.

Recover Data Encrypted by FiveHands Ransomware

Authorities do not recommend paying the ransom, as these payments fund the criminal group with resources for new attacks.

Digital Recovery has developed solutions capable of recovering files encrypted by ransomware. We can recover HD, SSD, Storage, RAID, Virtual Machines, Databases and others.

Working 24×7 in emergency mode. All our processes are backed by the confidentiality agreement (NDA) and in accordance with General Data Protection Regulation (GDPR).

Even if you have received a negative diagnosis or lead times do not meet your expectations, we accept the challenge of analysing your case, with online follow-up and real-time feedback throughout the process. Contact us and see what we can do for your company.

We are
always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

Recuperar memoria flash

What is Flash Memory?

Since its invention in the 1980s, Flash memory has revolutionised digital data storage. Essential for mobile devices, digital cameras, storage units and more, it combines


Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.

Discover the invisible vulnerabilities in your IT – with the 4D Pentest from Digital Recovery