The U.S. Federal Bureau of Investigation (FBI) has sent out a flash alert warning private industry partners that the HelloKitty ransomware gang (aka FiveHands) has added distributed denial-of-service (DDoS) attacks to its arsenal of extortion tactics.
In a Friday notification coordinated with the Cybersecurity and Infrastructure Security Agency (CISA), the FBI said that the ransomware group takes victims' official websites down with DDoS attacks if they do not comply with the ransom demands.
HelloKitty is also known for stealing sensitive documents from victims' compromised servers before encrypting them. The exfiltrated files are later used as leverage to pressure victims into paying the ransom under the threat of leaking the stolen data online on a data leak site.
“In some cases, if the victim does not respond quickly or does not pay the ransom, the threat actors will launch a Distributed Denial of Service (DDoS) attack on the victim company’s public facing website,” the FBI said.
“Hello Kitty/FiveHands actors demand varying ransom payments in Bitcoin (BTC) that appear tailored to each victim, commensurate with their assessed ability to pay it. If no ransom is paid, the threat actors will post victim data to the Babuk site (payload.bin) or sell it to a third-party data broker.”
The group’s ransomware operators use several methods to breach targets’ networks, including compromised credentials and recently patched security flaws in SonicWall products (e.g., CVE-2021-20016, CVE-2021-20021, CVE-2021-20022, CVE-2021-2002).
Who is HelloKitty?
HelloKitty is a human-operated ransomware operation active since November 2020 and first observed by the FBI in January 2021.
The gang is best known for breaching and encrypting the systems of CD Projekt Red in February and claiming to have stolen the source code of Cyberpunk 2077, Witcher 3, Gwent, and other games.
HelloKitty later claimed that someone had bought the files stolen from CD Projekt Red, although this was never confirmed.
Since at least July 2021, the ransomware gang has also been observed using a Linux variant that targets VMware’s ESXi virtual machine platform.
They are just one of several ransomware gangs targeting Linux servers after enterprise targets migrated to virtual machines for more efficient use of resources and easier device management.
By targeting the hypervisor that hosts the virtual machines, ransomware operators can encrypt multiple servers simultaneously with a single command, saving time and effort.
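The article does not describe how the ESXi variant operates, so the following is an added detection example written for this page, not code from the FBI alert or from any analysis of the malware. It assumes, as a working hypothesis rather than a fact stated here, that a ransomware binary running on the hypervisor must first stop the guests (their disk files are locked while a VM runs) and does so with `esxcli vm process kill` or `vim-cmd vmsvc/power.off`, which ESXi records in `/var/log/shell.log` when issued from the ESXi Shell. The log lines, the `find_vm_kill_bursts` function and its threshold are constructed for the example; a legitimate admin powering off one or two VMs should not trip it, while a burst of force-kills from one session should.

```python
"""
Added example (not from the article or the FBI alert): flag a burst of VM
shutdown commands in an ESXi host's shell log. Assumption (not stated on the
page): the Linux variant stops guests via esxcli/vim-cmd before encrypting
their .vmdk files. The log format below is approximated and the lines are
constructed sample data.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of ESXi /var/log/shell.log entries (format approximated).
SAMPLE_SHELL_LOG = """\
2021-08-02T01:12:04Z shell[2100416]: [root]: esxcli vm process list
2021-08-02T01:12:05Z shell[2100416]: [root]: esxcli vm process kill --type=force --world-id=2098765
2021-08-02T01:12:05Z shell[2100416]: [root]: esxcli vm process kill --type=force --world-id=2098801
2021-08-02T01:12:06Z shell[2100416]: [root]: esxcli vm process kill --type=force --world-id=2098822
2021-08-02T01:12:06Z shell[2100416]: [root]: esxcli vm process kill --type=force --world-id=2098850
2021-08-02T01:12:07Z shell[2100416]: [root]: esxcli vm process kill --type=force --world-id=2098877
2021-08-02T09:40:11Z shell[2101900]: [ops-admin]: vim-cmd vmsvc/power.off 12
2021-08-02T09:45:30Z shell[2101900]: [ops-admin]: vim-cmd vmsvc/power.on 12
"""

# "<timestamp> shell[<pid>]: [<user>]: <command>"
LINE_RE = re.compile(r"^(?P<ts>\S+) shell\[\d+\]: \[(?P<user>[^\]]+)\]: (?P<cmd>.*)$")
# Shell commands that stop a running guest from the ESXi host.
KILL_RE = re.compile(r"esxcli vm process kill|vim-cmd vmsvc/power\.off")


def parse_shell_log(text):
    """Return a list of (timestamp, user, command) tuples; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["user"], m["cmd"]))
    return events


def find_vm_kill_bursts(events, threshold=3, window_seconds=60):
    """For each user, find the largest number of VM stop commands issued within a
    sliding window of window_seconds. Users at or above threshold are returned as
    (user, window_start_timestamp, count), sorted for deterministic output."""
    per_user = defaultdict(list)
    for ts, user, cmd in events:
        if KILL_RE.search(cmd):
            per_user[user].append(ts)

    window = timedelta(seconds=window_seconds)
    alerts = []
    for user, stamps in per_user.items():
        stamps.sort()
        best_count, best_start, start = 0, None, 0
        for end, ts in enumerate(stamps):
            # Slide the window's left edge forward until it covers <= window_seconds.
            while ts - stamps[start] > window:
                start += 1
            count = end - start + 1
            if count > best_count:
                best_count, best_start = count, stamps[start]
        if best_count >= threshold:
            alerts.append((user, best_start, best_count))
    return sorted(alerts)


if __name__ == "__main__":
    for user, first_ts, count in find_vm_kill_bursts(parse_shell_log(SAMPLE_SHELL_LOG)):
        print(f"ALERT: {user} stopped {count} VMs starting {first_ts.isoformat()}Z")
```

`shell.log` only records commands typed into the ESXi Shell (local console or SSH), so a binary that execs `esxcli` directly will not appear there; the same sliding-window logic applies to the power-off events that `hostd.log` records for every guest, with a different line regex. Run the script on a real log with `python3 detect.py < /var/log/shell.log` after swapping the constructed sample for `sys.stdin.read()`.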
HelloKitty ransomware submissions (ID Ransomware)
Based on submissions made by victims to the ID Ransomware platform, HelloKitty significantly increased its activity in July and August, immediately after it started using the Linux variant in attacks.
The HelloKitty ransomware or its variants have also been used under other names, including DeathRansom and FiveHands.
The FBI also shared a detailed collection of indicators of compromise (IOCs) in its alert to help cybersecurity professionals and system admins defend against attacks coordinated by the HelloKitty ransomware gang.