Ransomware gang Hello Kitty uses other cyberattacks in addition to ransomware to force victims to pay. If affected companies do not pay quickly enough, further disruptions such as (DDoS) attacks will follow, according to the FBI.
The FBI reports that ransomware group Hello Kitty takes extra measures when its victims refuse to pay the ransom or do not comply with the demands of the gang at all.
Offer data for sale
The cybercriminals put further pressure on the companies by, for example, carrying out Distributed Denial of Service (DDoS) attacks on the site or services of the affected companies that are still functional. In a DDoS attack, a server of a website or service is flooded with requests, after which it can no longer be reached.
In addition, the group not only threatens the disclosure of the stolen data. In some instances, they state that they will resell the sensitive data to interested brokers on the dark web. The cybersecurity industry has been bracing itself for this type of extra pressure for some time, but in practice, it has not happened that often because the encryption of the network already creates enough pressure in itself.
The group primarily targets companies using SonicWall products, a cybersecurity company under the Dell umbrella. Hello, Kitty abuses a number of known vulnerabilities of this service to break into the network. They also often manage to get their hands on the login details of employees, presumably via (spear) phishing. It is clear that this gang is investigating their target well, as the gang adjusts the amount of ransom according to the FBI based on an analysis of how much the company could lose.
With the growth of Ransomware-as-a-Service (RaaS), where cybercriminals rent out their toolset to other criminals, we see the ransomware strategy of various gangs only evolving.
Catch up on more articles here
Follow us on Twitter here