Ransomware is a type of malware that encrypts files and demands a ransom to decrypt them. It is aimed at both companies and individuals. Typically, cybercriminals demand payment in Bitcoin or other cryptocurrencies, and victims cannot access or use their files unless a ransom is paid. The HelloKitty ransomware targets companies, and one of its known victims is CD Projekt, well known as the developer of Cyberpunk 2077.

In their ransom note, the threat actors claimed to have stolen full copies of the source code for Cyberpunk 2077, The Witcher 3, Gwent, and an unreleased version of The Witcher 3, along with documents related to accounting, administration, legal affairs, human resources, investor relations, and more. The attackers threatened to sell or leak the stolen source code online and send the stolen documents to journalists in the gaming industry if CD Projekt refused to cooperate.

In response, CD Projekt stated that it does not plan to negotiate with the attackers and is already taking steps to restore affected data from backups and work with parties that may be affected by the breach. The company is also working with forensic IT and law enforcement specialists to fully investigate the incident. This is the right call: paying does not guarantee that your data will be returned, and it would only benefit the economy of these criminals.

According to SentinelLabs, current intelligence suggests that HelloKitty arrives via phishing emails or via a secondary infection from an initial malware attack, after which the systems affected by the HelloKitty ransomware show the following symptoms:

▸Terminated processes and Windows services

▸Affected files are encrypted with .KITTY or .CRYPTED file extensions

▸Copies of encrypted files are deleted
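
The three symptoms above can be correlated per host in endpoint telemetry. The following is an added example, not code from SentinelLabs or from the original post: the event names, hosts, paths, window and threshold are constructed assumptions, and it reads "copies deleted" as the original file being removed once its encrypted counterpart appears.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Extensions named on this page; matched case-insensitively.
INDICATOR_EXTS = {".kitty", ".crypted"}
WINDOW_SECONDS = 60      # assumed correlation window
MIN_ENCRYPTED = 3        # assumed threshold, tune per environment

# Constructed sample telemetry: (epoch_seconds, host, event, detail)
SAMPLE_EVENTS = [
    (1000, "ws-01", "service_stop", "BackupAgent"),
    (1002, "ws-01", "process_kill", "sqlservr.exe"),
    (1005, "ws-01", "file_create", r"C:\Share\q1.xlsx.kitty"),
    (1005, "ws-01", "file_delete", r"C:\Share\q1.xlsx"),
    (1006, "ws-01", "file_create", r"C:\Share\plan.docx.kitty"),
    (1006, "ws-01", "file_delete", r"C:\Share\plan.docx"),
    (1007, "ws-01", "file_create", r"C:\Share\hr.pdf.crypted"),
    (1007, "ws-01", "file_delete", r"C:\Share\hr.pdf"),
    (1010, "ws-02", "file_create", r"C:\Users\a\notes.kitty"),
    (1500, "ws-02", "service_stop", "Spooler"),
]

def original_name(path):
    """Return the pre-encryption path if `path` carries an indicator extension."""
    p = PureWindowsPath(path)
    return str(p.with_suffix("")) if p.suffix.lower() in INDICATOR_EXTS else None

def triage(events):
    """Flag hosts showing all three symptoms inside one time window."""
    by_host = defaultdict(list)
    for ev in sorted(events):
        by_host[ev[1]].append(ev)
    alerts = {}
    for host, evs in by_host.items():
        for start, *_ in evs:
            win = [e for e in evs if start <= e[0] <= start + WINDOW_SECONDS]
            stops = [e[3] for e in win if e[2] in ("service_stop", "process_kill")]
            deleted = {e[3].lower() for e in win if e[2] == "file_delete"}
            encrypted = [e[3] for e in win if e[2] == "file_create" and original_name(e[3])]
            replaced = [f for f in encrypted if original_name(f).lower() in deleted]
            if stops and len(replaced) >= MIN_ENCRYPTED:
                alerts[host] = {"stopped": stops, "replaced": replaced}
                break
    return alerts

if __name__ == "__main__":
    for host, hit in triage(SAMPLE_EVENTS).items():
        print(host, "stopped:", hit["stopped"], "replaced files:", len(hit["replaced"]))
```

Requiring all three signals together keeps a single stray file with a matching extension, or a routine service restart, from raising an alert on its own.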

Other companies have likely encountered the HelloKitty attack as well. Judging by the ransom note that was created in the attack on CD Projekt, the cybercriminals behind HelloKitty create customized ransom notes for each target company. This is why creating isolated backups is so important to prevent these mishaps.
