Thursday, April 10, 2025

HellCat Ransomware: What You Want To Know


What’s HellCat?

HellCat is the name of a relatively new ransomware-as-a-service (RaaS) group that first came to prominence in the second half of 2024. Like many other ransomware operations, HellCat breaks into organisations, steals sensitive files, and encrypts computer systems – demanding a ransom payment for a decryption key and to prevent the leaking of stolen files.

So it's your typical “double extortion” threat?

Yes, although HellCat has been known to take a rather unusual twist on things when it comes to piling on the pressure.

What do you mean?

Well, for instance, when it claimed to have stolen roughly 40GB of sensitive data from French energy giant Schneider Electric, it demanded part of the ransom be paid “in baguettes.”

What???

Yes, they requested that $125,000 worth of the ransom be paid in baguettes.

And did HellCat find themselves rolling in the dough?

Oh, very droll. Well, Schneider Electric has not publicly disclosed whether it paid the ransom (let alone delivered some baked goods) to HellCat. However, the fact that the ransomware group did leak data from the company does imply non-payment.

I guess it's a case of Loaf and Let Die?

Stop it. That's enough. You knead to calm down.

Seriously, why would a ransomware gang demand baguettes?

Some have suggested that it's a way to humiliate the victim of the ransomware. Others have speculated that it's just the ransomware group trying to get publicity for itself through an absurd ransom demand. It's unlikely that the gang really wanted that many baguettes… I mean, think of all those carbs… My hunch is that it was an infantile joke that the ransomware gang thought was funny, as Schneider Electric is headquartered in France – the spiritual home of the baguette.

You say “infantile”. Does that mean the ransomware gang is a bunch of kids?

It's hard to tell for sure. But security researchers have tried to identify key members of the HellCat group, and one of its key figures claims to be in his late teens.

Who’s that?

The alleged founder and one of the administrators of HellCat goes by the handle of “Pryx” and claimed last year to be 17 years old. In an interview conducted last December, someone claiming to be Pryx also said that he was most interested in targeting US and Israeli organisations, with a focus on the government sector and companies generating a high revenue.

Apart from Schneider Electric, what other organisations has HellCat hit?

Reported victims of the HellCat ransomware have included Israel's parliament The Knesset (extracting 64GB of sensitive data), Jordan's Ministry of Education (stealing pictures of ID cards, divorce papers, and various letters addressed to the Minister), and mobile device supplier Transsion.

How will I know if my organisation has been hit by HellCat?

It will be pretty obvious when you see the ransom demand.

The note left by the attackers promises that paying the ransom will not only deliver you the decryptor, but also “an outline of your network vulnerabilities and data security recommendations.”

Is there any other way to decrypt my files?

Unfortunately, at the time of writing, there is no publicly available decryption tool for HellCat. If you don't have backups of your files, you might find yourself in a sticky pickle.

So how can my company protect itself from HellCat?

The best advice is to follow the recommendations on how to protect your organisation from other ransomware. These include:

  • making secure offsite backups.
  • running up-to-date security solutions and ensuring that your computers and network devices are properly configured and protected with the latest security patches against vulnerabilities.
  • using hard-to-crack unique passwords to protect sensitive data and accounts, as well as enabling multi-factor authentication.
  • encrypting sensitive data wherever possible.
  • reducing the attack surface by disabling functionality that your company does not need.
  • educating and informing staff about the risks and methods used by cybercriminals to launch attacks and steal data – such as phishing attacks.

Editor's Note: The opinions expressed in this and other guest author articles are solely those of the contributor and do not necessarily reflect those of Tripwire.
