Security Bulletin - HelloKitty Ransomware Source Code Leaked on Hacking Forum10/12/2023
What is Ransomware?

Ransomware is a type of malware that when activated encrypts infected users by blocking access to files until a ransom is paid.
In many cases, a full restore is needed to recover files, folders, that have been encrypted.

How is Malware distributed?

Malware is distributed through email attachments, links in emails, phishing emails, compromised credentials, and links on malicious websites.

About HelloKitty

Hello Kitty is not new and has been in circulation since early 2020, however on Oct 9th, 2023 a bad actor released the source code on a cybercrime forum, along with a Microsoft Visual Studio Project that can be used to create the ransomware and a related decryptor. The project with instructions means this threat is now public and any bad actor with moderate understanding of coding can create their own variant of the HelloKitty ransomware.

A few Suggestions
  • Warn all end users to be careful when clicking on links in email.
    • Best practice is to hover the mouse over the link but do not click This will show where the link is pointing.
    • If an unexpected email is received from a known contact containing a link, verify with the sender that they did send it.
  • When unexpectedly receiving a link to update account or shipping preferences from a respected website. Instead of clicking on the link, go direct to the website in question.
    • With the holidays approaching, fake package tracking from UPS, FedEx and Amazon will be on the rise. It is best to log directly into the website to monitor tracking versus clicking a link in an unexpected email.
  • Change passwords.
  • Be careful of websites. Especially now with a war in Europe and in the Middle East. Users are curious for content and may search for updates or additional information and be directed to a website they would not normally visit. It is very easy for an actor to take a valid news story and copy the story to a malicious website.
What to do if you think you are infected
  • Disabled internet connection by either disabling the wireless connection, or physically unplugging the network cable.
  • Notify IT
    • A scan should be initiated on the possibly infected computer, and possibly the rest of the network devices containing files.

Contact Us

Get a Quote Today