Skip to content


HELLOKITTY is a ransomware written in C++ that shares similar code structure and functionality with DEATHRANSOM and FIVEHANDS. HELLOKITTY has been used since at least 2020, targets have included a Polish video game developer and a Brazilian electric power company.1

Item Value
ID S0617
Associated Names
Version 1.0
Created 03 June 2021
Last Modified 18 October 2021
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1486 Data Encrypted for Impact HELLOKITTY can use an embedded RSA-2048 public key to encrypt victim data for ransom.1
enterprise T1490 Inhibit System Recovery HELLOKITTY can delete volume shadow copies on compromised hosts.1
enterprise T1135 Network Share Discovery HELLOKITTY has the ability to enumerate network resources.1
enterprise T1057 Process Discovery HELLOKITTY can search for specific processes to terminate.1
enterprise T1082 System Information Discovery HELLOKITTY can enumerate logical drives on a target system.1
enterprise T1047 Windows Management Instrumentation HELLOKITTY can use WMI to delete volume shadow copies.1