Monday, July 1, 2024

FBI’s investigation accidentally revealed the HelloKitty ransomware gang operates out of Ukraine

While investigating a data breach suffered by a medical institution, the FBI mistakenly revealed that it believed the HelloKitty ransomware gang was active in Ukraine.

The FBI’s investigation into a recent data breach suffered by an Oregon medical institution inadvertently revealed that the Bureau believes the HelloKitty ransomware gang (also tracked as FiveHands) is based in Ukraine.

“The Oregon Anesthesiology Group, PC (OAG) experienced a cyberattack on July 11th, after which their servers were briefly locked,” reads the data breach notification published by the Oregon Anesthesiology Group. “On October 21, the FBI informed OAG that they had seized the account of HelloKitty, a Ukrainian hacking group that contained files from OAG patients and staff. The FBI believes that HelloKitty exploited a vulnerability in a third-party firewall to allow hackers to break into the network.”

The HelloKitty gang has been active since January 2021 and is still operating. In November, the US FBI published a flash alert warning private organizations about the evolution of the HelloKitty ransomware (also known as FiveHands). According to the alert, the gang has added distributed denial-of-service (DDoS) attacks to its extortion toolkit.

The gang hits victims’ public-facing websites with DDoS attacks if they refuse to pay the ransom. Like many other ransomware operations, HelloKitty follows a double-extortion model: it steals sensitive documents from the victim before encrypting the network, then threatens to leak the exfiltrated data unless the ransom is paid.

The HelloKitty/FiveHands gang is known for demanding ransom payments in Bitcoin (BTC) sized to the financial capacity of each victim.

The group’s operators gain initial access by exploiting flaws in SonicWall products (e.g. CVE-2021-20016, CVE-2021-20021, CVE-2021-20022, CVE-2021-2002) or by using compromised credentials.

In May, the US CISA also released an analysis report (AR21-126A) on the FiveHands ransomware, but in neither case did US authorities disclose the possible location of the gang.

The accidental disclosure could now push the gang to shut down temporarily and relocate to another country where local law enforcement is more tolerant.


Pierluigi Paganini
International Editor-in-Chief
Cyber ​​Defense Magazine
