Your IP: Unknown · Your Status: ProtectedUnprotectedUnknown

Skip to main content

HelloKitty ransomware

HelloKitty ransomware

Also known as: KittyCrypt, HelloGookie

Category: Malware

Type: Ransomware

Platform: Windows


Damage potential: Data encryption and loss, ransom demands, operational disruption, damage to reputation


The HelloKitty ransomware is a type of malicious software that encrypts a victim’s data and makes it inaccessible. After the encryption, attackers leave a customized ransom note asking for payment in exchange for decryption.

The HelloKitty ransomware has been active since 2020 and is named after a mutex it uses during its launch, the HelloKittyMutex. It often targets companies to have a better chance at collecting high ransom payments.

Possible symptoms

The main symptom of a HelloKitty ransomware infection is file encryption — you won’t be able to access the files you normally can. You’ll also see “.crypted” or “.kitty” file extensions and a ransom note named “read_me_unlock.txt.” Additionally, you may experience slow computer performance or notice a spike in network activity.

Sources of infection

Cybercriminals use phishing emails, malvertising, and peer-to-peer networks to distribute HelloKitty ransomware. They might also exploit vulnerabilities in outdated software or in the targeted system.


Good cybersecurity practices go a long way in protecting your devices or your company from this ransomware.

Here’s what you can do as an individual:

  • Do not click on suspicious links or attachments in emails, especially from unfamiliar senders.

  • Avoid downloading files from unofficial sources, such as freeware websites or peer-to-peer networks.

  • Use NordVPN’s Threat Protection to scan downloads for malware, block shady websites, and stop malicious ads.

  • Back up important files or other data.

  • Install reputable antivirus software.

  • Update your operating system and other software regularly to take advantage of the most recent security updates.

Additional measures for company level protection:

  • Have a regular patching management system in place.

  • Implement network segmentation.

  • Carry out phishing awareness trainings.

  • Have strict user access control rules. Only allow users to access the data they need for their work.

  • Prepare a detailed incident response plan.


You can use antivirus software to detect the presence of HelloKitty ransomware. If you have a clean backup for all your important files, you can carry out a full system wipe to get rid of the ransomware and restore your data from the backup — but this will only work if the ransomware hasn’t spread throughout the network. If the infection is severe and spread out, you should contact an IT professional to find a way to clear your system.

Ultimate digital security