The source code for the 2020 variant of the HelloKitty ransomware was recently leaked on a Russian-speaking cybercrime forum by a threat actor known as ‘kapuchin0’ or ‘Gookee.’ This leak was reported by cybersecurity researchers from 3xp0rt.
Furthermore, kapuchin0 claimed that the leaked code represents the first breach of the HelloKitty ransomware and hinted at the development of a new and more intriguing cyber threat. The leaked archive contains a Microsoft Visual Studio project that can be used to build the HelloKitty ransomware along with its associated decryptor.
Additionally, the legitimacy of the source code leak was verified by malware researcher Michael Gillespie, confirming its connection to the 2020 version of the ransomware. This release raises concerns as it allows other threat actors to potentially create their own versions of the HelloKitty ransomware. The HelloKitty ransomware gang, also known as FiveHands, has been active since January 2021 and has gained notoriety for its tactics, including launching distributed denial-of-service (DDoS) attacks on victims who refuse to pay the ransom.
Like many ransomware groups, HelloKitty employs a double extortion model, stealing sensitive documents before encrypting them and then threatening to leak the stolen data to pressure victims into paying the ransom, often demanded in Bitcoin.
The group uses various techniques to breach its targets’ networks, including exploiting vulnerabilities such as SonicWall flaws and using compromised credentials. This leak emphasizes the evolving and persistent threats posed by ransomware groups, necessitating continued vigilance and security measures.