HelloKitty is back. The dreaded ransomware, which went down in late 2023 after its developer leaked both its builder and source code on a hacker forum, is back with a new name and a new data breach website.
According to BleepingComputer, both the ransomware and the dark web portal are now called HelloGookie, most likely after the developer and operator Gookee/kapuchin0. For the uninitiated, the original HelloKitty ransomware was developed and maintained by a hacker going by the alias Guki.
That ransomware was known for targeting large organizations and companies. It was founded in late 2020 and gained infamy for breaching CD Projekt Red in February of the following year.
Release decryptors
CD Projekt Red is a Polish game studio known for its Witcher game series and Cyberpunk 2077. To date, the Witcher series has sold over 50 million copies worldwide, while Cyberpunk 2077 currently stands at around 25 million. Both are open-world role-playing games (RPG), and both have won numerous awards. Witcher 3 is widely regarded as one of the best RPGs ever made.
When HelloKitty released CD Projekt Red, it stole roughly 450 GB of uncompressed source code, including files for an unreleased version of the Witcher 3 game, allegedly using ray tracing, a rendering technique used in computer graphics to produce highly realistic images through the way light is simulated interacting with objects in a scene. The tech eventually made it to the Witcher 3 game in a 2022 update.
To “celebrate” its resurrection, the ransomware operator released the data stolen in the CD Projekt Red data breach, as well as the data stolen from Cisco in a 2022 attack. Moreover, they have published four private decryption keys that can be used to decrypt files locked by HelloKitty.
There are currently no new leaks on the website and no evidence of ongoing attacks. HelloKitty was a major player in the ransomware game. Whether HelloGookie will be able to repeat the success of its predecessor remains to be seen.