‘Death Kitty’: The ransomware that may be linked to the Transnet hack

Here’s what we know about Death Kitty, an obscure computer virus that is commonly used by Eastern European hacker groups.

‘Death Kitty’: The ransomware that may be linked to the Transnet hack

Ransomware commonly used by hacker groups from Eastern Europe or Russia may be responsible for the cyber attack on state-owned South African logistics company, Transnet. The attack, which breached the company’s IT security on 22 July, nearly brought operations at the country’s ports to a complete halt.


On Wednesday evening, 28 July, the Department of Public Enterprises, announced that Transnet restored full operations at all its ports.

Pravin Gordhan’s ministry also said the preliminary assessment of the cyber attack indicated that none of Transnet or its customer data was compromised during the attack and that the company is working on strengthening the weaknesses identified in its IT systems.

A Bloomberg report said Transnet was targeted with a strain of ransomware known by many names such as “Death Kitty”, “HelloKitty” and “Five Hands.” The strain of ransomware has been linked to several noteworthy data breaches that were carried out by hacker groups from Eastern Europe or Russia, according to cybersecurity experts.

These kinds of attacks are commonly accompanied by a “ransom letter” hence the name. Bloomberg claims it saw a copy of the ransom note that apparently claimed to have encrypted a substantial amount of Transnet data.


Earlier this year, on 9 February, Polish game developers CD Project Red were believed to be hit by a “HelloKitty” ransomware attack, according to Malwarebytes Labs – the blog associated with the antivirus software. The makers of The Witcher series and Cyberpunk 2077 announced the hack to their Twitter followers, posted the ransom note, and declared that they would not meet the hackers’ demands.

Brazilian electricity company CEMIG revealed a similar attack in December 2020. It has since been confirmed that HelloKitty ransomware was used in the hack that stole a large amount of data from the company but did not cause any damage.

Malwarebytes said HelloKitty ransomware – and its various names – was first detected in November 2020. “Some researchers refer to HelloKitty as DeathRansom – a ransomware family that, based on its earlier variants, merely renames target files and doesn’t encrypt them.”

Malwarebytes speculates that HelloKitty was built from DeathRansom and therefore its software detects the ransomware as “Ransome.DeathRansom.”

According to the antivirus company, the “actors” behind HelloKitty are not as active as other hacker groups that use different ransomware and therefore little is known about the virus. This corresponds with what cybersecurity experts told Bloomberg – gangs associated with Death Kitty reportedly keep a lower profile and do not advertise their services online.

Current cybersecurity intelligence suggests that Death Kitty ransomware infects systems via phishing emails or via secondary infection from an initial malware attack.


Transnet restores full port operations, NAVIS system back online
Source : The South African More   

What's Your Reaction?


Next Article

‘Extreme medical rarity’: Baby born with twin inside stomach

Doctors say they were able to remove the embryo, that had only partially developed, from the baby girl’s stomach

‘Extreme medical rarity’: Baby born with twin inside stomach

Doctors in Israel were in for a major shock following the delivery of a baby girl recently: She was born with an embryo inside her stomach, something medical officials say was a 1-in-500 000 medical rarity.

According to The Times of Israel, this is a case of “fetus-in-fetu” which occurred at at Assuta Medical Center in Ashod this past week.

“When the woman came to give birth, we got the impression that the baby had a big tummy. Because of that, the moment the baby was born, we checked her and realized that we can feel something inside her stomach, so we did ultrasound tests among others,” one of the doctors, Dr Omer Globus said.

Fetus-in-fetu: Doctor explains rare case

According to the Israeli publication, examinations on the mother already showed that the developing baby’s stomach was enlarged, and doctors were later able to confirm the unusual condition. Following the birth, the baby underwent ultrasound examinations and an X-ray. Doctors eventually managed to remove two more formations from inside the baby.

“Because of We were surprised to discover that in her stomach was a partially developed fetus. We immediately took her to the operating room and took it out. The impression we got is that there were originally two babies, and we’re checking it. The baby went through recovery for a few days and was released after her condition improved.”

Dr Omer Globus

Dr Globus further told The Times that they were able to see some bones and a heart. The baby is expected to make a full recovery and has been sent home. He said there were numerous reasons as to why such pregnancies could occur.

“It happens as part of the fetal development process when there are cavities that close during development and one of the embryos enters such a space. The fetus inside partially develops but does not live and remains there,” he said.

Source : The South African More   

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies.