According to the report, the ransomware group also carries out DDoS attacks against its victims as part of its extortion activity. The HelloKitty/FiveHands gang is known for demanding ransom payments in Bitcoin (BTC) scaled to each victim's perceived ability to pay.
HelloKitty is a human-operated ransomware operation that has been active since November 2020 and was first observed by the FBI in January 2021. The group is best known for breaching and encrypting CD Projekt Red's network in February 2021 and claiming to have stolen the source code for Cyberpunk 2077, The Witcher 3, Gwent and other titles.
HelloKitty later claimed that the files stolen from CD Projekt Red had been sold, but this was never confirmed. The gang has also been deploying a Linux variant that targets VMware ESXi servers since at least July 2021.
To gain access to targets' networks, the group's operators use a variety of methods, including SonicWall vulnerabilities (e.g., CVE-2021-20016, CVE-2021-20021, CVE-2021-20022, CVE-2021-2002) and compromised credentials.
The report warned that “Once inside the network, the threat actor will map the network and escalate privileges using publicly available penetration tool suites like Cobalt Strike, Mandiant’s Commando, or PowerShell Empire preloaded with publicly available tools like Bloodhound and Mimikatz before exfiltration and encryption.”
HelloKitty is one of many ransomware gangs now targeting Linux systems, following the enterprise shift to virtual machines for more efficient resource use and simpler device management. By encrypting the virtual disk files at the hypervisor level rather than inside each guest, ransomware operators can take down numerous servers at once with a single command, saving time and effort.
HelloKitty ransomware has also gone by the names DeathRansom and FiveHands. According to submissions made by victims to the ID Ransomware portal, HelloKitty expanded its activity in July and August 2021, shortly after it began using the Linux variant in attacks.
The FBI also included an extensive list of indicators of compromise (IOCs) to help security teams and system administrators detect and block intrusions by the HelloKitty ransomware group.
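A published IOC list is only useful once it is normalised and swept against your own telemetry. The following is an added example (not code from the report or the FBI) showing how to do that: it parses a "type: value" indicator list, undoes the defanging advisories typically apply (`[.]`, `hxxp`), and matches the result against endpoint, firewall and DNS records. The hash, IP addresses, domain and log records below are constructed placeholders for illustration, not the indicators the FBI published; the `FIELDS_BY_TYPE` mapping is an assumption about the field names in your own logs and should be adjusted to match them.

```python
import re
from urllib.parse import urlsplit

# Constructed IOC list in the "type: value" shape advisories commonly use.
# The values below are placeholders invented for this example, NOT the
# indicators published in the FBI flash alert; substitute the real list.
SAMPLE_IOCS = """
# file hashes
sha256: 0F5D4A8B2C1E7F9A3B6D8E0C4A2F1B9D7E5C3A1F0B8D6E4C2A0F9E7D5C3B1A8F
# network indicators, defanged the way advisories usually publish them
ip: 203[.]0[.]113[.]45
ip: 198.51.100.7
domain: update[.]example[.]net
url: hxxps://update[.]example[.]net/payload.bin
"""

# Constructed log records (not real telemetry): endpoint file events,
# firewall connections and DNS queries, the sources an intrusion touches.
SAMPLE_RECORDS = [
    {"src": "edr", "host": "ws-042", "path": "C:\\Users\\Public\\svc.exe",
     "sha256": "0f5d4a8b2c1e7f9a3b6d8e0c4a2f1b9d7e5c3a1f0b8d6e4c2a0f9e7d5c3b1a8f"},
    {"src": "fw", "host": "fw-edge", "dst_ip": "203.0.113.45", "dst_port": 443},
    {"src": "dns", "host": "ws-042", "query": "UPDATE.EXAMPLE.NET"},
    {"src": "fw", "host": "fw-edge", "dst_ip": "192.0.2.10", "dst_port": 443},
    {"src": "edr", "host": "esxi-01", "path": "/vmfs/volumes/ds1/vm1/vm1.vmdk",
     "sha256": "ab" * 32},
]

# Assumed mapping of log field names to IOC types; adapt to your own schema.
FIELDS_BY_TYPE = {
    "sha256": ("sha256",),
    "ip": ("src_ip", "dst_ip"),
    "domain": ("query", "domain"),
    "url": ("url",),
}

def refang(value: str) -> str:
    """Reverse common defanging so indicators compare against live logs."""
    return (value.replace("[.]", ".").replace("(.)", ".")
                 .replace("hxxp://", "http://").replace("hxxps://", "https://"))

def parse_iocs(text: str) -> dict:
    """Parse 'type: value' lines into normalised (lower-case) sets per type."""
    iocs = {kind: set() for kind in FIELDS_BY_TYPE}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        kind, sep, value = line.partition(":")
        kind, value = kind.strip().lower(), refang(value.strip()).lower()
        if not sep or kind not in iocs:
            raise ValueError(f"unsupported IOC line: {raw!r}")
        if kind == "sha256" and not re.fullmatch(r"[0-9a-f]{64}", value):
            raise ValueError(f"malformed sha256: {value}")
        iocs[kind].add(value)
        if kind == "url":                      # also match on the URL's host
            host = urlsplit(value).hostname
            if host:
                iocs["domain"].add(host)
    return iocs

def scan_records(records, iocs) -> list:
    """Return one hit per (record, field) whose normalised value is an IOC."""
    hits = []
    for idx, rec in enumerate(records):
        for kind, fields in FIELDS_BY_TYPE.items():
            for f in fields:
                val = rec.get(f)
                if val is not None and str(val).lower() in iocs[kind]:
                    hits.append({"record": idx, "host": rec.get("host"),
                                 "type": kind, "field": f,
                                 "value": str(val).lower()})
    return hits

if __name__ == "__main__":
    for hit in scan_records(SAMPLE_RECORDS, parse_iocs(SAMPLE_IOCS)):
        print(f"{hit['host']}: {hit['type']} match on {hit['field']} = {hit['value']}")
```

Two details matter in practice: indicators and log values are compared only after both are lower-cased and refanged, so a DNS log that records `UPDATE.EXAMPLE.NET` still matches, and malformed hashes are rejected at parse time rather than silently never matching. Hash and IP matches alone will not catch the living-off-the-land phase of an intrusion (Cobalt Strike, BloodHound, Mimikatz), so treat an IOC sweep as a starting point for a hunt, not as the whole detection strategy.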