HelloKitty ransomware behind CD Projekt Red attack

Ransom note points to the HelloKitty group


More information has come to light regarding the ransomware attack that struck the manufacturers of Cyberpunk 2077. Polish video game developer CD Projekt Red revealed the ransomware note it had received, which bears all the hallmarks of being distributed by the ransomware group known as “HelloKitty.”

Earlier this week, CD Projekt revealed that an unidentified actor gained access to its internal network and encrypted a number of its files. It did reassure gamers, however, that backup sources remained unaffected and that it was already in the process of restoring the affected data.

The ransomware note contained all the usual rhetoric, informing CD Projekt that it had been “EPICALLY pwned” and threatening to leak source code online. However, CD Projekt quickly responded by confirming that it would not give in to the ransom demands and had informed the relevant law enforcement officials of the incident.

Noting the similarities


Based on the ransom note, Fabian Wosar, Chief Technology Officer at anti-malware firm Emsisoft, believes that the ransomware is likely to have been implemented by the HelloKitty group. Not much information is available about the group, but it is believed to have targeted other large organizations previously, including Brazilian energy firm CEMIG in December last year.

The HelloKitty malware disables various processes and services before encrypting files on a victim’s device. Typically, the ransom note that accompanies this attack is titled “read_me_unlock.txt,” which is the same name that accompanied the CD Projekt ransomware strain.

Ransomware attacks have become an increasingly popular method of extorting money, with cyberattackers stealing sensitive information that pertains to core company processes or which could damage a particular corporate individual. Sometimes, when ransomware strains are poorly designed, files can be restored without having to pay a ransom fee. However, the early indications are that there is no way of decrypting files affected by the HelloKitty malware for free.

Via Bleeping Computer


Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.
