HelloKitty ransomware
Also known as: KittyCrypt, HelloGookie
Category: Malware
Type: Ransomware
Platform: Windows
Variants: –
Damage potential: Data encryption and loss, ransom demands, operational disruption, damage to reputation
Overview
The HelloKitty ransomware is a type of malicious software that encrypts a victim’s data and makes it inaccessible. After the encryption, attackers leave a customized ransom note asking for payment in exchange for decryption.
The HelloKitty ransomware has been active since 2020 and is named after a mutex it uses during its launch, the HelloKittyMutex. It often targets companies to have a better chance at collecting high ransom payments.
Possible symptoms
The main symptom of a HelloKitty ransomware infection is file encryption — you won’t be able to access the files you normally can. You’ll also see “.crypted” or “.kitty” file extensions and a ransom note named “read_me_unlock.txt.” Additionally, you may experience slow computer performance or notice a spike in network activity.
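The file-level symptoms above can be checked across a file share or a mounted disk image with a short script. The following is an added example, not part of the original entry or any vendor tool: it looks only for the two extensions and the ransom note name given on this page, and the function names and the triage rule are assumptions made for illustration.

```python
import os
import sys

# Indicators named on this page (matched case-insensitively).
ENCRYPTED_EXTENSIONS = (".crypted", ".kitty")
RANSOM_NOTE_NAME = "read_me_unlock.txt"


def scan_tree(root):
    """Return {directory: stats} for each directory under root with an indicator."""
    findings = {}
    # onerror swallows unreadable directories so one access error does not stop the sweep.
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda err: None):
        stats = {"notes": 0, "encrypted": 0, "total": len(filenames)}
        for name in filenames:
            lowered = name.lower()
            if lowered == RANSOM_NOTE_NAME:
                stats["notes"] += 1
            elif lowered.endswith(ENCRYPTED_EXTENSIONS):
                stats["encrypted"] += 1
        if stats["notes"] or stats["encrypted"]:
            findings[dirpath] = stats
    return findings


def triage(stats):
    """Hypothetical triage rule: a note plus renamed files is a strong signal;
    either one alone may be unrelated and needs a human look."""
    if stats["notes"] and stats["encrypted"]:
        return "likely-encrypted"
    return "review"


def report(root):
    """Return sorted (label, directory, stats) rows, strongest signal first."""
    rows = [(triage(s), d, s) for d, s in scan_tree(root).items()]
    return sorted(rows, key=lambda r: (r[0] != "likely-encrypted", r[1]))


if __name__ == "__main__":
    for label, directory, s in report(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{label:17} {directory}  notes={s['notes']} "
              f"encrypted={s['encrypted']}/{s['total']}")
```

Run it against a read-only mount or a backup copy so the sweep itself does not change timestamps on evidence.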
Sources of infection
Cybercriminals use phishing emails, malvertising, and peer-to-peer networks to distribute HelloKitty ransomware. They might also exploit vulnerabilities in outdated software or in the targeted system.
Protection
Good cybersecurity practices go a long way in protecting your devices or your company from this ransomware.
Here’s what you can do as an individual:
Do not click on suspicious links or attachments in emails, especially from unfamiliar senders.
Avoid downloading files from unofficial sources, such as freeware websites or peer-to-peer networks.
Use NordVPN’s Threat Protection to scan downloads for malware, block shady websites, and stop malicious ads.
Back up important files or other data.
Install reputable antivirus software.
Update your operating system and other software regularly to take advantage of the most recent security updates.
Additional measures for company-level protection:
Have a regular patch management process in place.
Implement network segmentation.
Carry out phishing awareness training.
Have strict user access control rules. Only allow users to access the data they need for their work.
Prepare a detailed incident response plan.
Removal
You can use antivirus software to detect the presence of HelloKitty ransomware. If you have a clean backup of all your important files, you can carry out a full system wipe to get rid of the ransomware and restore your data from the backup, but this will only work if the ransomware hasn’t spread throughout the network. If the infection is severe and widespread, you should contact an IT professional to find a way to clear your system.