Unit42 says HelloKitty is a family of ransomware that first appeared in late 2020, primarily targeting Windows systems. The malware family gets its name from its use of a Mutex of the same name: HelloKittyMutex. The ransomware samples seem to evolve quickly and frequently, with different versions using .crypted or .kitty file extensions for encrypted files. Some newer samples use a Golang packer that ensures the final ransomware code is loaded only in memory, the most likely to escape detection by security solutions.