HelloKitty Ransomware Rebrands, Leaks Stolen Data
The operator of the HelloKitty ransomware program has announced a rebranding to HelloGookie and has released passwords for previously leaked source codes of CD Projekt RED, information about Cisco networks, as well as decryption keys for data from past attacks.
This name change coincides with the launch of a new portal on the darknet. To celebrate the launch, the perpetrator, known by the names Gookee/kapuchin0 and claiming to be the creator of HelloKitty, released four private decryption keys for files from previous attacks, as well as internal information stolen from Cisco in 2022 and passwords to the leaked source codes for Gwent, The Witcher 3, and Red Engine, which were stolen from CD Projekt in 2021.
According to VX-Underground, the source code for The Witcher 3 has already been compiled, and screenshots and videos of the game’s development builds have surfaced online.
A representative of the group assembling The Witcher 3, known as “sventek,” reported that the leaked data from CD Projekt totals 450 GB uncompressed and contains source codes for The Witcher 3, Gwent, Cyberpunk, as well as SDKs for various consoles (PS4/PS5 XBOX NINTENDO) and some build logs. Sventek also noted that he had previously managed to compile Cyberpunk 2077 from the leaked data and that he was behind the previous leak of the GTA V source code.
Gookee/kapuchin0 also shared that in October 2023, information about the builder and source code of HelloKitty was leaked on a hacker forum, marking the end of HelloKitty operations.
Under the new name HelloGookie, data from old attacks on CD Projekt Red and Cisco were published. The leak site also posted four private keys for the old version of the HelloKity encryptor, which could potentially allow some victims to recover their files for free.
Cisco has confirmed that it is aware of the published information regarding the leak and has been reminded that a detailed description of the incident was published in 2022 on the Cisco Talos blog.
It remains to be seen whether HelloGookie will achieve the same level of operational success, volume of attacks, and notoriety as HelloKitty.