Dead ransomware HelloKitty reanimates in rebrand and releases CD Projekt and Cisco data
Say hello to HelloGookie
HelloKitty is back. The dreaded ransomware, which died in late 2023 after the developer leaked both the builder and the source code on a hacker forum, is back with a new name and a new data leak website.
According to BleepingComputer, both the ransomware and the dark web portal are now called HelloGookie, most likely after the developer and operator, Gookee/kapuchin0. For the uninitiated, the original HelloKitty ransomware was developed and maintained by a hacker with the alias Guki.
That ransomware was known for targeting large organizations and corporations. It was established in late 2020, and gained infamy for breaching CD Projekt Red in February the next year.
Releasing decryptors
CD Projekt Red is a Polish game studio famous for its Witcher game series, as well as Cyberpunk 2077. So far, the Witcher series sold more than 50 million copies worldwide, while Cyberpunk 2077 currently sits at around 25 million. Both are open-world, role-playing games (RPG), and both have won numerous awards. Witcher 3 is widely considered as one of the best RPGs ever created.
When HelloKitty hit CD Projekt Red, it stole roughly 450GB of uncompressed source code, including files for an unreleased version of the Witcher 3 game, allegedly sporting ray tracing, a rendering technique used in computer graphics to produce highly realistic images by simulating the way light interacts with objects in a scene. Eventually, the technique made it to the Witcher 3 game in a 2022 update.
To “celebrate” the resurrection, the ransomware’s operator released the data stolen in the CD Projekt Red data breach, as well as data stolen from Cisco in a 2022 attack. Furthermore, they published four private decryption keys that can be used to decrypt files locked by HelloKitty.
There are currently no new leaks on the website, and no indication that there are any ongoing attacks. HelloKitty was a major player in the ransomware game. Whether HelloGookie manages to repeat the success of its predecessor remains to be seen.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
More from TechRadar Pro
- HelloKitty ransomware behind CD Projekt Red attack
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.