Date: 2021-11-03

As if ransomware scams weren’t devastating enough already, the HelloKitty gang is now adding denial of service attacks to its roster of threats. This is the subject of an alert issued by the FBI last Thursday (28), informing American companies about a follow-on attack tactic, which takes place after data is hijacked as a way to force victims to make payments.

It is a relatively new group, operating since January 2021 and also going under the name FiveHands. Its ransomware attacks start from stolen credentials, access to internal systems, or known flaws in servers and operating systems; when contact with the victim does not happen quickly, the extortion involving denial of service begins.

This adds, of course, to known tactics such as posting sample data on cybercrime-focused sharing forums and, if a ransom is not received, fully releasing victims’ information. Meanwhile, the public website of affected companies is also bombarded with a high volume of requests, making it difficult to publish reports and support affected users.

In the statement, the FBI maintains its recommendation that payment not be made to criminals under any circumstances, on the grounds that paying makes the crime profitable. In addition, it asks those affected to contact the authorities with all the information they have, including samples of the malware used, encrypted files, email addresses used for contact and the cryptocurrency wallets to which payment should be sent.

Authorities also recommend security and mitigation measures to prevent HelloKitty attacks, such as performing backups, using two-factor authentication and security and threat intelligence systems, and applying the latest updates to operating systems and apps. In case of compromise, the ideal is to isolate the affected systems and protect the old data, which must be kept on networks isolated from the main ones so that it is not also affected by a ransomware attack.

Source: FBI