HelloKitty Ransomware Source Code Leaked by Threat Actor

In a concerning development, the complete source code for the initial version of the HelloKitty ransomware has been leaked by a threat actor who claims to be working on a more powerful ransomware encryptor. HelloKitty has been associated with numerous cyberattacks, including high-profile incidents, since it emerged in 2020, and the leak of its source code may have significant repercussions for the cybersecurity landscape.

Discovery of the HelloKitty Source Code Leak

The leak of the ransomware source code was first identified by cybersecurity researcher 3xp0rt. The threat actor behind it, who goes by the name ‘kapuchin0’ or ‘Gookee’, publicly released what they referred to as the “first branch” of the HelloKitty ransomware encryptor. Gookee has previously been linked to malicious activity, including Ransomware-as-a-Service operations and attempts to sell malware source code.

[Image: the threat actor’s leak post. Source: 3xp0rt]

3xp0rt believes that kapuchin0/Gookee is the developer of the ransomware, and their statement, “We are preparing a new product and much more interesting than Lockbit,” suggests the development of a more potent ransomware variant.

Content of the Source Code and Associated Risks

The leaked source code archive, named ‘hellokitty.zip,’ includes a Microsoft Visual Studio solution for building the ransomware and its decryptor. It also contains the NTRUEncrypt library, which this particular version of the ransomware uses to encrypt files.

[Image: contents of the HelloKitty zip folder]

The public availability of ransomware source code can have serious consequences. Past incidents, such as the release of the HiddenTear and Babuk ransomware source code, have shown that threat actors quickly adopt such code to launch their own extortion operations. As of now, over nine ransomware operations still use the Babuk source code as the foundation for their encryptors.

Profile of HelloKitty Ransomware

HelloKitty is a human-operated ransomware group that has been active since November 2020. The gang is known for infiltrating corporate networks, stealing data, and encrypting systems. In a double-extortion scheme, the group threatens to release stolen data if the victim does not pay the ransom.

One of the most prominent attacks attributed to HelloKitty was the breach of CD Projekt Red in February 2021. During this incident, the threat actors claimed to have stolen source code for popular games like Cyberpunk 2077 and The Witcher 3, which they later put up for sale.

The HelloKitty group has evolved over time, including the use of a Linux variant targeting the VMware ESXi virtual machine platform.

The leak of the HelloKitty ransomware source code is a troubling development with the potential to lead to a proliferation of ransomware variants. This incident underscores the need for enhanced cybersecurity measures and collaborative efforts to mitigate the impact of ransomware attacks. The public and private sectors must remain vigilant in defending against evolving cyber threats.
