The FBI is warning private industry partners about the HelloKitty ransomware group (aka FiveHands/DeathRansom). The group is now using Distributed Denial-of-Service (DDoS) attacks as an additional extortion tactic.
- The group demands a different ransom amount from each victim, based on the victim's perceived ability to pay.
- If no ransom is paid, the victim's data is posted to the Babuk leak site (payload[.]bin) or sold to a third-party data broker.
- The operators use several techniques to breach targets' networks, including compromised credentials and unpatched vulnerabilities in SonicWall products (e.g., CVE-2021-20016, CVE-2021-20022, CVE-2021-20021, and CVE-2021-2002).
- The FBI shared a set of Indicators of Compromise (IOCs) in its alert to help organizations defend against this threat.
- HelloKitty increased its activity in July and August, shortly after it began using a Linux variant in attacks targeting VMware's ESXi virtual machine platform.
- In February, the group breached and encrypted the systems of CD Projekt Red.
The HelloKitty alert is a serious notice, and organizations should apply the recommended mitigations at the earliest opportunity. These include keeping offline backups of critical data and regularly updating the software and operating systems in use. Installing antimalware defenses and keeping them up to date is also advised.