HelloKitty: The ransomware affecting CD Projekt Red and Cyberpunk 2077

HelloKitty is one of the recent ransomware samples used to compromise CD Projekt Red and Cyberpunk 2077. The name HelloKitty comes from the group that attacked CD Projekt Red and Cyberpunk 2077 on February 9, 2021. CD Projekt Red is the video game development studio behind Cyberpunk 2077 and The Witcher trilogy. The studio disclosed a ransomware incident that impacted its internal network and a large group of critical assets, including the source code of its popular games.

“An unidentified actor gained unauthorized access to our internal network, collected certain data belonging to CD Projekt capital group, and left a ransom note the content of which we release to the public. Although some devices in our network have been encrypted, our backups remain intact. We have already secured our IT infrastructure and begun restoring the data,” the company said in a statement it released.

Figure 1: Official statement from CD Projekt Red on Twitter.

An overview of the HelloKitty ransomware

HelloKitty ransomware has been observed since November 2020 and has targeted other large companies around the world, including the Brazilian power company CEMIG and a French IT service firm.

Figure 2: Ransomware notes dropped by HelloKitty ransomware.

Read More: https://resources.infosecinstitute.com/topic/hellokitty-the-ransomware-affecting-cd-projekt-red-and-cyberpunk-2077/