HelloKitty, a notorious ransomware that was believed to have died out in late 2023 after its developer leaked crucial information on a hacker forum, has made a comeback under a new guise. The malware is now known as HelloGookie, adopting a fresh name and unveiling a new data leak website, as disclosed by BleepingComputer. The rebranding is speculated to be in honor of its developer and operator, Gookee/kapuchin0. For the unacquainted, the original HelloKitty ransomware was crafted and maintained by a hacker using the alias Guki.
Releasing decryptors
HelloKitty garnered notoriety for its modus operandi of targeting large organizations and corporations. It was first introduced in late 2020 and gained infamy for its breach of CD Projekt Red in February of the following year.
CD Projekt Red, a distinguished Polish game studio renowned for its Witcher game series and Cyberpunk 2077, faced a significant blow when HelloKitty infiltrated its systems and exfiltrated approximately 450GB of uncompressed source code. Among the stolen data were files for an unreleased version of the acclaimed Witcher 3 game, allegedly featuring ray tracing, a graphics rendering technique that simulates realistic scenes by replicating how light interacts with objects. This novel technique was subsequently integrated into The Witcher 3 through a 2022 update.
To commemorate its resurgence, the ransomware’s operator has unleashed the stolen data from the CD Projekt Red breach and data pilfered from an attack on Cisco in 2022. Additionally, four private decryption keys have been disclosed, enabling affected users to unlock files encrypted by HelloKitty.
As of now, there have been no recent data leaks on the new HelloGookie website, and there are no indications of ongoing cyber attacks. HelloKitty was a formidable force in the realm of ransomware, and only time will reveal whether HelloGookie can replicate the previous success of its predecessor.