A hacker has leaked the complete source code of the first version of the HelloKitty ransomware. The data was published on a Russian-speaking hacking forum, with the same cybercriminal claiming to be developing a new, more powerful encryptor.
The leak was first discovered by the cybersecurity researcher known as 3xp0rt. Although the source code was released by someone using the name kapuchin0, 3xp0rt told BleepingComputer that the threat actor also uses another alias, well known to security experts, namely Gookee.
A threat actor called Gookee has been associated in the past with malware and hacking activities, linked to a Ransomware-as-a-Service operation called Gookee Ransomware.
3xp0rt believes that kapuchin0/Gookee is the developer of the HelloKitty ransomware and, in this regard, stated “We are preparing a new product and much more interesting than Lockbit”.
How HelloKitty ransomware works
HelloKitty is a ransomware operation first detected in November 2020. The gang involved is known for hacking corporate networks, stealing data, and encrypting the systems of several victims. The encrypted files and stolen data, as in many other similar operations, are used for double extortion, which involves encrypting files and demanding a ransom to unlock them.
The most famous attack involving this ransomware hit Polish video game developer CD Projekt Red in February 2021. During this attack, the threat actors claimed to have stolen the source code of titles such as Cyberpunk 2077, Witcher 3, Gwent and other very famous games.
In the summer of 2021, the ransomware group decided to expand its reach, starting to use a Linux variant intended for the VMware ESXi virtual machine platform. HelloKitty variants have also circulated under other names, including DeathRansom, Fivehands and Abyss Locker.