HelloKitty ransomware rises from its ashes and releases video game data and private decryption keys


Mélina LOUPIA

April 21, 2024 at 6:35 p.m.


HelloKitty ransomware changes name to HelloGookie - © Who is Danny / Shutterstock


The HelloKitty ransomware becomes HelloGookie and reveals a lot of sensitive data from companies or video games.

“HelloKitty is dead, long live HelloGookie!”, the hackers might crow. It was the ransomware's own creator who announced the “rebranding”. Now called HelloGookie by the man who calls himself Gookee/kapuchin0, the rebranded operation comes with a new site on which sensitive information is published.

This new showcase was quick to attract developers, who have already exploited these leaks by compiling and sharing development versions of The Witcher 3.

HelloKitty, birth and peak of ransomware

Launched in November 2020, HelloKitty is a ransomware operation that distinguished itself with one highly publicized attack: the hacking of CD Projekt Red, the creator of Cyberpunk 2077, The Witcher 3 and Gwent. The group managed to encrypt the company’s servers and steal source code as part of the attack. The data was subsequently sold on the dark web, including the code of The Witcher 3, then unpublished.

After this coup, HelloKitty gradually expanded, releasing a Linux variant in 2021 that targeted VMware ESXi, extending its reach and… its profits. In 2022, the data leak site of another ransomware operation, Yanluowang, was reportedly hacked to leak conversations between members. These conversations revealed that Yanluowang was closely associated with the developer of HelloKitty, who used the name Guki in conversations.

By changing its name, HelloKitty expands its malicious tactics - © Leremy / Shutterstock


From HelloKitty to HelloGookie, story of a metamorphosis

In October 2023, Gookee/kapuchin0 leaked the HelloKitty creator and source code on a hacker forum, which sounded the death knell for the operation. The ransomware was then renamed HelloGookie and does not appear to have caused new attacks or claimed new victims under this new name. An inexplicable end and a rather timid beginning for this seasoned gang, enough to puzzle the sharpest minds in cybercrime.

But the story doesn’t end there: on its new site, HelloGookie discloses information stolen during older attacks against CD Projekt Red and Cisco. It also reveals four private decryption keys for an older version of the HelloKitty ransomware encryptor, which could allow some victims to recover their files for free.

This access to the archives of the late HelloKitty immediately alerted the researchers of the specialized site 3xp0rt. They told BleepingComputer that they were currently studying the keys to determine which versions of the encryptor the keys work with. An equation with several unknowns, the main one of which remains the success of HelloGookie compared to its ancestor.

But if most of these well-established gangs attack large structures like Cisco or CD Projekt, the fact remains that more discreet and more modest organizations target prey within their reach such as individuals. Fortunately, there are tools to protect you from this ransomware which can plunder your data as well as your bank account.


Source: Bleeping Computer
