The FBI warns that the hacking group called HelloKitty also uses DDOs attacks to extort money from victims. This happens in addition to extortion through the encryption of systems and the disclosure of files. How often this occurs is unknown.
The HelloKitty group would “in some cases” launch DDOs attacks on the public websites of extorted organizations if they refuse to pay the demanded ransom or do not respond in time, the FBI said in a public warning message. The American police service does not write how often this occurs in practice. Security experts have been predicting for a few years that ransomware criminals will also use DDOs attacks as an extra means of pressure, but in practice this is rarely the case.
The ransom amount that the group demands differs from victim, the FBI writes, similar to how most ransomware gangs operate in 2021. It is striking that the group not only threatens to disclose the data, but in some cases also wants to sell it to intermediaries. Usually stolen data is simply put on the internet.
The hacker group knows how to infect companies that use SonicWall products with the HelloKitty ransomware, also known as FiveHands ransomware. To do this, the attackers use compromised credentials or known software vulnerabilities.