Share on facebookFacebook
Share on twitterTwitter
The HelloKitty ransomware, also known as FiveHands, has become quite relevant, to the point of drawing the attention of CISA and the FBI.
The group was first spotted in December 2020 and remains active to this day. Their biggest publicized attack was on CD Projekt Red, the electronic game company known for “The Witcher” franchise.
HelloKitty uses the Ransomware as a Service (RaaS) tactic. Which allows ransomware to be bought and sold to anyone, thus making the group’s reach greater.
In most attacks systems are hacked from breaches caused by the vulnerability of the defense system known as SonicWall.
The FBI reported that in addition to encrypting the machine, the group puts pressure on the victim, giving them a deadline to pay, if the deadline expires the information will be leaked or sold to third parties.
For each target, the hackers make an assessment to determine a ransom amount, however all payments must be made with Bitcoin.
In December 2020 the featured victim was the Brazilian company Companhia Energética de Minas Gerais (CEMIG). The attack paralyzed the system for 3 days and the company’s staff chose not to negotiate with the group but to make a backup of all the information.
Thanks to this invasion, we had access to the encryption key that HelloKitty uses, the RSA-1024. A very common encryption algorithm among ransomware. After the data is encrypted the extension “.kitty” or “.crypted” is added to each infected file.
HelloKitty ransomware came from the same family as Scarab ransomware. And besides FiveHands it has other name variations like:
HelloKitty is one of thousands of ransomware extensions that exist on the Internet. And we at Digital Recovery have the profile to recover files encrypted by ransomware. We have been working with data recovery for over 23 years seeking to recover encrypted files without negotiating with hackers. Our company has a technology known as Tracer. Capable of drastically reducing file recovery time, elevating our results.
To ensure our efficiency we work using the General Data Protection Regulation (GDPR). And we provide clients with a confidentiality agreement (NDA) that guarantees your data will not be disclosed.
If you are looking for solutions to recover data encrypted by ransomware, Digital Recovery is the right choice. Start your diagnosis now.