HelloKitty Ransomware Reborn as HelloGookie, Leaks Stolen Data
The infamous HelloKitty ransomware, responsible for several high-profile attacks, has seemingly returned from the dead. Researchers have discovered a rebranding effort, with the operation now going by the name HelloGookie. While there’s no evidence of new attacks, HelloGookie has made a splash by releasing stolen data from past victims, including CD Projekt Red and Cisco.
HelloKitty’s Reign of Terror
HelloKitty first emerged in November 2020, targeting corporate networks. The ransomware not only encrypted systems, hindering operations, but also stole sensitive data before locking victims out. In February 2021, the group breached CD Projekt Red, the game developer behind popular titles like Cyberpunk 2077 and Witcher 3. This high-profile attack resulted in the encryption of company servers and the theft of valuable source code. HelloKitty later claimed to have sold the stolen data, including the unreleased Witcher 3 code, on the dark web.
HelloKitty’s Demise and HelloGookie’s Rise
In late 2023, HelloKitty seemingly met its end when the developer, known by the alias Guki, leaked the ransomware’s builder and source code on a hacker forum. This essentially made HelloKitty unusable for future attacks. However, in a surprising turn of events, the threat actor has resurfaced with a new name – HelloGookie – likely referencing Guki’s online handle.
HelloGookie appears to be more focused on data leaks than further ransomware attacks. Their newly established dark web portal contains stolen information from the past CD Projekt Red breach and a 2022 attack on Cisco.
A Glimmer of Hope for Past Victims
While the return of a familiar threat name might be unsettling, HelloGookie has offered a potential lifeline to some past victims. The data leak site includes four decryption keys that can unlock files encrypted by an older version of the HelloKitty ransomware. Security researchers are currently analyzing the keys to determine which specific versions of the encryptor they work with. This could allow victims impacted by those older variants to recover their data for free.
Uncertain Future for HelloGookie
Whether HelloGookie signifies a full-blown revival of HelloKitty’s ransomware operations or is merely a one-off data leak event remains unclear. Security experts are closely monitoring the situation. The lack of evidence for new attacks suggests HelloGookie might be focusing solely on data leaks. However, the possibility of future ransomware attacks under the HelloGookie name cannot be entirely ruled out.