April 19, 2024 at 03:26PM
HelloKitty ransomware was rebranded as HelloGookie by its operator ‘Gookee/kapuchin0.’ To mark the rebrand, the threat actor released private decryption keys, along with passwords and sensitive information from previous attacks on CD Projekt and Cisco. A group of developers is now actively working from the leaked CD Projekt source code. Whether HelloGookie will reach HelloKitty’s notoriety is yet to be seen.
Key takeaways:
1. The HelloKitty ransomware operation has been rebranded as HelloGookie by the threat actor ‘Gookee/kapuchin0.’
2. HelloKitty was notorious for attacking corporate networks, stealing data, and encrypting systems. It was also behind the breach of CD Projekt Red, stealing source code and subsequently releasing it on the dark web.
3. The leaked source code from CD Projekt Red includes data for games like Witcher 3, Gwent, and Cyberpunk, as well as various console SDKs and build logs, totaling 450 GB uncompressed.
4. A group of developers has compiled the leaked source code of Witcher 3 and is working on creating a developer build.
5. HelloKitty and the ransomware group Yanluowang were closely associated, and the developer of HelloKitty, known as Guki, was linked to Yanluowang.
6. HelloGookie has released stolen information from older attacks on CD Projekt Red and Cisco, including four private decryption keys for an older version of the HelloKitty ransomware encryptor.
7. A potential collaboration between HelloGookie and Yanluowang is indicated by the release of NTLM hashes from Cisco, highlighting a closer relationship than previously known.
It remains to be seen if HelloGookie will achieve the operational success, attack volumes, and notoriety levels that were associated with HelloKitty.