Also known as: KittyCrypt, HelloGookie
Category: Malware
Type: Ransomware
Platform: Windows
Variants: –
Damage potential: Data encryption and loss, ransom demands, operational disruption, damage to reputation
Overview
The HelloKitty ransomware is a type of malicious software that encrypts a victim’s data and makes it inaccessible. After the encryption, attackers leave a customized ransom note asking for payment in exchange for decryption.
The HelloKitty ransomware has been active since 2020 and is named after a mutex it uses during its launch, the HelloKittyMutex. It often targets companies to have a better chance at collecting high ransom payments.
Possible symptoms
The main symptom of a HelloKitty ransomware infection is file encryption — you won’t be able to access the files you normally can. You’ll also see “.crypted” or “.kitty” file extensions and a ransom note named “read_me_unlock.txt”. Additionally, you may experience slow computer performance or notice a spike in network activity.
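As an added example (not part of the original page or any vendor tool), the following Python sketch walks a directory tree and reports folders that contain the ransom note or a cluster of files with the extensions named above. The function names and the `min_files` threshold are assumptions chosen for illustration, and the sample tree is constructed; a match is a lead for triage, not proof of infection.

```python
import os
import tempfile
from collections import defaultdict

# Indicators taken from the page; matching is case-insensitive.
ENCRYPTED_EXTENSIONS = (".crypted", ".kitty")
RANSOM_NOTE_NAME = "read_me_unlock.txt"


def scan_tree(root, min_files=3):
    """Return {directory: {"encrypted": [...], "note": bool}} for suspicious folders.

    A folder is reported when it holds the ransom note, or at least
    min_files files with an indicator extension (the threshold is an
    assumption, used to ignore a single stray file).
    """
    hits = defaultdict(lambda: {"encrypted": [], "note": False})
    # Unreadable directories are skipped rather than aborting the scan.
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda e: None):
        for name in filenames:
            lower = name.lower()
            if lower == RANSOM_NOTE_NAME:
                hits[dirpath]["note"] = True
            elif lower.endswith(ENCRYPTED_EXTENSIONS):
                hits[dirpath]["encrypted"].append(name)
    return {
        d: info for d, info in hits.items()
        if info["note"] or len(info["encrypted"]) >= min_files
    }


def build_sample_tree(root):
    """Create a constructed tree of empty files for the demonstration."""
    layout = {
        "finance": ["q1.xlsx.crypted", "q2.xlsx.crypted", "q3.xlsx.kitty",
                    "read_me_unlock.txt"],
        "clean": ["notes.txt", "photo.jpg"],
        "stray": ["old_archive.crypted"],  # below threshold, no note
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for directory, info in sorted(scan_tree(tmp).items()):
            print(directory, len(info["encrypted"]), "encrypted, note:", info["note"])
```

Run it from a clean system or recovery environment against a mounted copy of the affected volume, so the scan itself does not depend on a possibly compromised host.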
Sources of infection
Cybercriminals use phishing emails, malvertising, and peer-to-peer networks to distribute HelloKitty ransomware. They might also exploit vulnerabilities in outdated software or in the targeted system.
Protection
Good cybersecurity practices go a long way in protecting your devices or your company from this ransomware.
Here’s what you can do as an individual:
- Do not click on suspicious links or attachments in emails, especially from unfamiliar senders.
- Avoid downloading files from unofficial sources, such as freeware websites or peer-to-peer networks.
- Use NordVPN’s Threat Protection Pro to scan downloads for malware, block shady websites, and stop malicious ads.
- Back up important files or other data.
- Install reputable antivirus software.
- Update your operating system and other software regularly to take advantage of the most recent security updates.
Additional measures for company-level protection:
- Have a regular patch management system in place.
- Implement network segmentation.
- Carry out phishing awareness training.
- Have strict user access control rules. Only allow users to access the data they need for their work.
- Prepare a detailed incident response plan.
Removal
You can use antivirus software to detect the presence of HelloKitty ransomware. If you have a clean backup of all your important files, you can carry out a full system wipe to get rid of the ransomware and restore your data from the backup — but this will only work if the ransomware hasn’t spread throughout the network. If the infection is severe and widespread, you should contact an IT professional to find a way to clear your system.