HelloKitty ransomware encrypts user data with AES-256 + RSA-2048 or AES-128 + NTRU and gives the user a special onion domain link, instead of an email address, to contact for ransom negotiations. HelloKitty is not as sophisticated as better-known families such as Ryuk and REvil, but upon execution it is equally lethal. HelloKitty will attempt to disable and terminate a number of processes and services to reduce interference with the encryption process. This includes processes and services associated with IIS, MSSQL, Quickbooks, Sharepoint, and more. These actions are carried out via taskkill.exe and net.exe, in a very non-stealthy manner: all spawned CMD windows are in the foreground and fully visible. This 'lack of discretion' is not usual for modern ransomware. Yet it was able to compromise CEMIG, a power company, and the CD PROJEKT RED gaming studio.
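The burst of taskkill.exe and net.exe invocations described above is a usable detection signal. The following is an added example, not code from the original page: it flags any parent process that spawns many kill/stop commands within a short window. The event layout, the parent name `sample.exe`, the sample command lines and the threshold values are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed process-creation events: (time, parent PID, parent image, command line).
# Every value is made up for this example; none is taken from a HelloKitty sample.
SAMPLE_EVENTS = [
    ("2021-02-09T10:00:01", 4312, "sample.exe", "taskkill.exe /f /im sqlservr.exe"),
    ("2021-02-09T10:00:02", 4312, "sample.exe", r"C:\Windows\System32\net.exe stop MSSQLSERVER /y"),
    ("2021-02-09T10:00:03", 4312, "sample.exe", "taskkill.exe /f /im w3wp.exe"),
    ("2021-02-09T10:00:04", 4312, "sample.exe", "net.exe stop W3SVC /y"),
    ("2021-02-09T10:00:06", 4312, "sample.exe", "taskkill.exe /f /im QBW32.exe"),
    ("2021-02-09T10:05:00", 880, "cmd.exe", "net.exe stop Spooler"),        # lone admin action
    ("2021-02-09T10:05:30", 880, "cmd.exe", r"net use Z: \\fs01\share"),    # not a stop
    ("2021-02-09T10:40:00", 880, "cmd.exe", "taskkill /im notepad.exe"),    # outside window
]

TOOL_RE = re.compile(r'^"?(?:[a-z]:\\[^"]*\\)?(taskkill|net1?)(?:\.exe)?"?\s+(.*)$', re.I)

def classify(cmdline):
    """Return 'taskkill' or 'net stop' for a terminating command, else None."""
    m = TOOL_RE.match(cmdline.strip())
    if not m:
        return None
    tool, args = m.group(1).lower(), m.group(2).lower().split()
    if tool == "taskkill":
        return "taskkill"
    return "net stop" if args[:1] == ["stop"] else None

def detect_bursts(events, threshold=4, window=timedelta(seconds=60)):
    """Flag parents that spawn >= threshold kill/stop commands inside one window."""
    by_parent = defaultdict(list)
    for ts, ppid, image, cmd in events:
        if classify(cmd):
            by_parent[(ppid, image)].append(datetime.fromisoformat(ts))
    alerts = []
    for (ppid, image), times in by_parent.items():
        times.sort()
        start = best = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts.append((ppid, image, best))
    return alerts

if __name__ == "__main__":
    for ppid, image, count in detect_bursts(SAMPLE_EVENTS):
        print(f"ALERT parent={image} pid={ppid} kill/stop commands in window={count}")
```

Grouping by parent process keeps a single administrative `net stop` from alerting while still catching one process that stops many services in quick succession.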