hellokitty
1 incident
0 countries
0 sectors
ransomware UA Latest: 2026-06-25
Aliases: hellokitty, KittyCrypt, HelloGookie, FiveHands
HelloKitty, also known by the alias FiveHands, is a ransomware operation that first emerged in late 2020, with its initial samples observed in October. The group is characterized by its rapid adaptation of new tactics, techniques, and procedures, notably deploying both Windows and Linux variants of its ransomware, including a version targeting VMware ESXi environments. Initially, the group was assessed with moderate confidence to be of Ukrainian origin, though recent activity suggests an evolving geographic footprint with samples uploaded from Chinese IP addresses. Its primary motivation is financial gain through data encryption and extortion, employing double extortion tactics by exfiltrating data prior to encryption and threatening its release or sale. A distinguishing behavior is its customization of ransom notes, often addressing victims by name, and its use of a unique mutex, "HelloKittyMutex," upon execution. The group is also known for sometimes opening a shell terminal to displ
RansomLook pivots
Data, intelligence, and external references for cross-checking the actor's ransomware activity.
Target countries (SOCRadar)
United Arab Emirates
Argentina
Australia
Belgium
Brazil
China
Germany
Spain
France
United Kingdom
Target sectors (SOCRadar)
Construction of Buildings
Food Manufacturing
Other Information Services
Software Publishers
Hospitals
Air Transportation
Manufacturing
Construction
Electrical Equipment, Appliance, and Component Manufacturing
Public Administration
New URLs detected in IntelTracker