HELLOKITTY RANSOMWARE — RESURFACED?
ID: 131699f2-8c87-558c-a4a2-cfcf3ef7c011
STIX ID: report--131699f2-8c87-558c-a4a2-cfcf3ef7c011
Feed Name: THE RAVEN FILE
**HelloKitty ransomware research summary**: This report presents a year-long technical analysis of HelloKitty (aka FiveHands/derivatives) covering 2020–2024 samples, encryption internals (embedded RSA-2048/NTRU, Salsa20/AES flows), observed TTPs (shadow copy deletion, process termination/injection, persistence via WMI, privilege escalation), victim list (notable victims including CD Projekt Red), TOR negotiation domains, sample IOCs (MD5s, onion addresses, IPs), and discussion of attribution (conflicting signals pointing to Ukraine and China).
