Revived Ransomware HelloKitty Returns with Rebranding, Leaks CD Projekt and Cisco Data

 

HelloKitty, a notorious ransomware that became defunct in late 2023 after its developer leaked both the builder and source code on a hacker forum, has resurfaced under a new name and a fresh data leak website. According to reports from BleepingComputer, the ransomware and its associated dark web portal have been rebranded as HelloGookie, likely in reference to the developer and operator, Gookee/kapuchin0, who was behind the original HelloKitty ransomware.

Originally created and maintained by a hacker known as Guki, HelloKitty had been infamous for targeting large organizations and corporations since its establishment in late 2020. One of its notable breaches occurred in February the following year, when it infiltrated CD Projekt Red, a renowned Polish game studio famous for titles like the Witcher series and Cyberpunk 2077.

The Witcher series alone has sold over 50 million copies globally, while Cyberpunk 2077 boasts approximately 25 million sales. Both games, being open-world RPGs, have garnered numerous accolades, with Witcher 3 often hailed as one of the greatest RPGs ever developed.

During the attack on CD Projekt Red, HelloKitty pilfered about 450GB of uncompressed source code, which included files for an unreleased version of Witcher 3 purportedly featuring ray tracing, a cutting-edge rendering technique that simulates realistic lighting effects in computer graphics. 

This technique was eventually integrated into Witcher 3 via a 2022 update. In a bid to mark its resurgence, the operator of the ransomware released the pilfered data from the CD Projekt Red breach, along with data acquired from a 2022 attack on Cisco. Additionally, four private decryption keys were made public to facilitate the unlocking of files encrypted by HelloKitty.

As of now, there have been no new data leaks on the HelloGookie website, nor any indication of ongoing attacks. HelloKitty once held a significant position in the ransomware landscape, and it remains to be seen whether HelloGookie will achieve similar levels of success as its predecessor.