HelloKitty ransomware behind CD Projekt Red attack

(Image credit: Shutterstock / binarydesign)

More information has come to light regarding the ransomware attack that struck the manufacturers of Cyberpunk 2077. Polish video game developer CD Projekt Red revealed the ransomware note it had received, which bears all the hallmarks of being distributed by the ransomware group known as, “HelloKitty.”

Earlier this week, CD Projekt revealed that an unidentified actor gained access to its internal network and encrypted a number of its files. It did reassure gamers, however, that backup sources remained unaffected and that it was already in the process of restoring the affected data.  

The ransomware note contained all the usual rhetoric, informing CD Projekt that it had been “EPICALLY pwned” and threatening to leak source codes online. However, CD Projekt quickly responded by confirming that it would not give in to the ransom demands and had informed the relevant law enforcement officials of the incident.

Noting the similarities

Based on the ransom note, Fabian Wosar, Chief Technology Officer at anti-malware firm Emsisoft, believes that the ransomware is likely to have been implemented by the HelloKitty group. There is not too much information available about said group but they are believed to have targeted other large organizations previously, including Brazilian energy firm CEMIG in December last year.

The HelloKitty malware disables various processes and services before encrypting files on a victim’s device. Typically, the ransom note that accompanies this attack is titled, “'read_me_unlock.txt,” which is the same name that accompanied the CD Projekt ransomware strain.

Ransomware attacks have become an increasingly popular method of extorting money, with cyberattackers stealing sensitive information that pertains to core company processes or which could damage a particular corporate individual. Sometimes, when ransomware strains are poorly designed, files can be restored without having to pay a ransom fee. However, the early indications are that there is no way of decrypting files affected by the HelloKitty malware for free.

Via Bleeping Computer

Barclay Ballard

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.