FiveHands ransomware, also known as Hello Kitty ransomware, was discovered by CISA (Cybersecurity and Infrastructure Security Agency), the US cybersecurity agency, and has been carrying out attacks since May 2020. The group uses the double extortion method: in addition to blocking the files, it threatens to leak them. This tactic is used to pressure the victim to pay the ransom as soon as possible.
In some cases, if the victim does not pay or does not respond quickly, the group threatens to break into the company’s public website. The ransom payment is made in cryptocurrencies, and the ransom amount varies depending on the size of the company attacked.
The initial access of FiveHands ransomware is different from that of other ransomware, which attacks victims through email campaigns. FiveHands uses VPN devices. This access allows the group to generate a VPN profile, enter the victim’s destination network using the hostname, and then deploy the ransomware, thus initiating encryption.
The group became famous for attacking video game studio CD Projekt Red (producer of The Witcher and Cyberpunk 2077 games) in February this year. After the attack, the group stated on the dark web that the information stolen from the studio had been sold to a third party, but this was never actually confirmed.
The attacks are usually aimed at Linux servers using virtual machines. After the intrusion, the ransomware encrypts the victim’s data and, together with pCloud, synchronizes the files to the cloud, so that even if the victim turns off the computer or the internet connection, the group can extract the files to perform double extortion.
Authorities do not recommend paying the ransom, as these payments fund the criminal group with resources for new attacks.
Digital Recovery has developed solutions capable of recovering files encrypted by ransomware. We can recover HD, SSD, Storage, RAID, Virtual Machines, Databases and others.
We work 24×7 in emergency mode. All our processes are backed by a confidentiality agreement (NDA) and are in accordance with the General Data Protection Regulation (GDPR).
Even if you have received a negative diagnosis or lead times do not meet your expectations, we accept the challenge of analysing your case, with online follow-up and real-time feedback throughout the process. Contact us and see what we can do for your company.