
HelloKitty ransomware

Also known as: KittyCrypt, HelloGookie

Category: Malware

Type: Ransomware

Platform: Windows

Variants:

Damage potential: Data encryption and loss, ransom demands, operational disruption, damage to reputation

Overview

The HelloKitty ransomware is a type of malicious software that encrypts a victim’s data and makes it inaccessible. After the encryption, attackers leave a customized ransom note asking for payment in exchange for decryption.

The HelloKitty ransomware has been active since 2020 and is named after a mutex it uses during its launch, the HelloKittyMutex. It often targets companies to have a better chance at collecting high ransom payments.

Possible symptoms

The main symptom of a HelloKitty ransomware infection is file encryption — you won’t be able to access the files you normally can. You’ll also see “.crypted” or “.kitty” file extensions and a ransom note named “read_me_unlock.txt.” Additionally, you may experience slow computer performance or notice a spike in network activity.
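The file-system symptoms above can be checked across a whole directory tree with a short triage script. This is an added example, not part of the original page; the function names `scan_tree` and `summarize` are assumptions, and a clean result does not prove the system is uninfected.

```python
import os
import sys
from collections import Counter
from pathlib import Path

# Indicators taken from the symptoms described on this page.
ENCRYPTED_EXTENSIONS = {".crypted", ".kitty"}
RANSOM_NOTE_NAME = "read_me_unlock.txt"


def scan_tree(root):
    """Walk `root` and return (encrypted_files, ransom_notes) as sorted path lists."""
    encrypted, notes = [], []
    # onerror ignores unreadable directories so one locked folder does not abort the scan
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            lower = name.lower()  # Windows file names are case-insensitive
            full = os.path.join(dirpath, name)
            if lower == RANSOM_NOTE_NAME:
                notes.append(full)
            elif os.path.splitext(lower)[1] in ENCRYPTED_EXTENSIONS:
                encrypted.append(full)
    return sorted(encrypted), sorted(notes)


def summarize(encrypted, notes):
    """Group hits by directory; a note next to renamed files is the strongest signal."""
    per_dir = Counter(os.path.dirname(p) for p in encrypted)
    note_dirs = {os.path.dirname(p) for p in notes}
    return {
        d: {"encrypted": per_dir.get(d, 0), "ransom_note": d in note_dirs}
        for d in sorted(set(per_dir) | note_dirs)
    }


if __name__ == "__main__":
    # Scan the path given on the command line, or the user's home directory by default.
    root = sys.argv[1] if len(sys.argv) > 1 else str(Path.home())
    enc, found_notes = scan_tree(root)
    for directory, info in summarize(enc, found_notes).items():
        print(f"{directory}: {info['encrypted']} encrypted file(s), "
              f"ransom note present: {info['ransom_note']}")
    print(f"total: {len(enc)} encrypted file(s), {len(found_notes)} ransom note(s)")
```

Run it read-only against a mounted copy or a suspect share; directories that report both renamed files and a ransom note show how far the encryption reached.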

Sources of infection

Cybercriminals use phishing emails, malvertising, and peer-to-peer networks to distribute HelloKitty ransomware. They might also exploit vulnerabilities in outdated software or in the targeted system.

Protection

Good cybersecurity practices go a long way in protecting your devices or your company from this ransomware.

Here’s what you can do as an individual:

  • Do not click on suspicious links or attachments in emails, especially from unfamiliar senders.
  • Avoid downloading files from unofficial sources, such as freeware websites or peer-to-peer networks.
  • Use NordVPN’s Threat Protection Pro to scan downloads for malware, block shady websites, and stop malicious ads.
  • Back up important files or other data.
  • Install reputable antivirus software.
  • Update your operating system and other software regularly to take advantage of the most recent security updates.

Additional measures for company-level protection:

  • Have a regular patch management process in place.
  • Implement network segmentation.
  • Carry out phishing awareness training.
  • Have strict user access control rules. Only allow users to access the data they need for their work.
  • Prepare a detailed incident response plan.

Removal

You can use antivirus software to detect the presence of HelloKitty ransomware. If you have a clean backup of all your important files, you can carry out a full system wipe to get rid of the ransomware and then restore your data from the backup. This will only work if the ransomware hasn’t spread throughout the network. If the infection is severe and widespread, you should contact an IT professional to find a way to clean your system.