In recent years, there have been many cyberattacks with ransomware. Like the leading US fuel pipeline company Colonial or even the world’s leading technology company Kaseya have been victims of ransomware attacks. And recently, the world cybersecurity community has had to stir with a new type of malicious code called HelloKitty. So what is HelloKitty ransomware and how to prevent HelloKitty ransomware DDoS attack?
Why businesses need to prevent HelloKitty Ransomware DDoS attack?
The United States Federal Bureau of Investigation (FBI) has issued a warning about a new dangerous ransomware. It is the HelloKitty ransomware aka DeathRansom, FiveHands. Previously, this type of ransomware only encrypted files and demanded ransom. But now, HelloKitty is also ready to use distributed denial of service (DDoS) attacks to force victims to pay ransom.
Last week, the FBI in collaboration with the Cybersecurity and Infrastructure Agency (CISA) made the new announcement. They said HelloKitty will crash the web system if victims do not comply with ransom demands.
HelloKitty specializes in stealing sensitive documents from victims’ servers and encrypting them. Attackers use that sensitive data as “hostages”, forcing victims to pay a ransom. Otherwise, the consequences are that the people behind HelloKitty will leak that information on sites specializing in data leaks.
“In some cases, if the victim does not respond early or does not pay the ransom, cybercriminals will launch a DDoS attack on the victim’s website”, the FBI added.
“HelloKitty/FiveHands often demand Bitcoin ransoms commensurate with the size and potential of the victim. If the ransom is not paid, the attacker threatens to post the data to Babuk.bin.) Or sell it to a third party, usually data brokers.” Therefore, if businesses do not have measures against DDoS Ransomware HelloKitty attack, the consequences will be very serious.
How does HelloKitty ransomware attack corporate websites?
HelloKitty attacks victims from leaked login credentials. Or they take advantage of the website’s security hole to infiltrate their network. These security flaws can be patches in SonicWall products such as CVE-2021-20016, CVE-2021-20021, CVE-2021-20022, CVE-2021 -2002.
This ransomware started working late last year, November 2020. And was watched by the FBI from the beginning of 2021. But it was not until February of this year that HelloKitty became known to many people. They are the culprit behind the breach and system encryption of game studio CD Projekt Red. At the time, the gang claimed to have stolen the source code of Cyberpunk 2077, Witcher 3, Gwent, and other games.
Not long after, HelloKitty announced that it had sold stolen files from CD Projekt Red. However, this information has not yet been clearly verified.
In July, this ransomware group showed signs of activity again. This time, they use a Linux variant that targets VMware’s ESXi virtual machine platform. HelloKitty is just one of many groups of ransomware attacking Linux servers.
So why is the target of Ransomware HelloKitty a virtual server system?
Virtual servers make using resources more efficient and managing devices easier. So it’s no surprise that more and more businesses are using them. By attacking virtual servers, attackers can encrypt multiple servers simultaneously with a single command. Obviously, this saves them a lot of time and effort. Therefore, it is understandable that businesses using virtual servers become targets of attacks.
S_ubmission HelloKitty Ransomware (ID Ransomware)_
As noted from ID Ransomware, HelloKitty increased significantly in July and August of this year. They have been more active since using the Linux variant in the attacks.
In addition, the FBI has also shared about the Intrusion Indicators (IOC) in their warning. As a result, network security experts and system administrators can recognize it early. From there, take appropriate measures to combat the HelloKitty ransomware attack.
How to prevent HelloKitty Ransomware DDoS attack?
Authorities like the FBI have also warned about how dangerous they are as well as preventing DDoS Ransomware HelloKitty attacks. Therefore, businesses need to be extremely vigilant. At the same time, take measures to prevent HelloKitty Ransomware DDoS attack as follows:
- Do not open email attachments, links from unknown senders.
- Avoid opening downloads with third-party downloaders or unofficial websites.
- Only use tools released from official developers.
- Keep your anti-virus and anti-spyware software up to date.
If your business has been infected with HelloKitty ransomware, take the following steps to prevent a DDoS Ransomware HelloKitty attack from becoming more serious:
Step 1: Report the ransomware to the authorities immediately
Step 2: Isolate the device suspected of being infected with ransomware
Step 3: Identify the source of the ransomware infection
Step 4: Look for ransomware decryption tools
Step 5: Recover files with data recovery tools
Step 6: Create a data backup
VNIS – Solution to Anti DDoS attacks on Web/App due to Ransomware
HelloKitty ransomware attackers have many tricks to infiltrate enterprise systems. They also incorporate DDoS attacks to increase the level of threat to the victim.
The above prevention methods only partially reduce the risk of being infected with malicious code. And data recovery tools cannot guarantee recovery of all data. Therefore, businesses should soon equip with a professional security solution to effectively Anti DDoS Ransomware HelloKitty attacks.
VNIS is a comprehensive website security solution for businesses. With advanced Cloud WAF technology combined with artificial intelligence AI and machine learning, VNIS will control and prevent security holes, malicious data collectors, especially OWASP top 10 vulnerabilities. . In addition, thanks to the integration of Multi CDN technology with a global bandwidth of up to 2,600Tbps, VNIS helps prevent the largest layer 3/4/7 DDoS attacks.
If you need support or guidance on comprehensive website protection solutions for your business, do not hesitate to contact us immediately, or call the hotline: (028) 7306 8789.