
‘Hellcat’ is hot on the ransomware-as-a-service scene, and a new analysis shows that this gang prefers to play with its prey.
The latest ransomware gang, Hellcat, emerged on dark web forums in 2024, and like so many other players in the market, employs a ransomware-as-a-service model.
But what sets Hellcat apart from other ransomware groups is the “deeper psychological element” that is aimed at humiliating its targets, according to Cato, the Israeli network security company, and its analysis of Hellcat
“Humiliation is a major psychological tactic leveraged by Hellcat,” researchers claim.
For example, after cybercrooks penetrated the French multinational company Schneider Electric, hackers demanded the $125,000 ransom to be paid in baguettes.
Less dramatically, the gang uses double extortion tactics, another industry norm, used to exfiltrate and encrypt a victim’s data, followed by threats of revealing it to the public, if ransom demands aren’t met.
Hellcat’s victims
Since its inception in November 2024, Hellcat has launched attacks on notable targets like:
Schneider Electric, the French multinational company, was hacked by Hellcat and extorted for ransom. But not for cash. Instead, the ransomware gang demanded $125,000 in baguettes.
Prior to the Schneider Electric baguette incident, the ransomware gang compromised 400,000 rows of data and exfiltrated 40GB of sensitive information. The data leaked included email addresses and full names of customers and employees,
Hellcat also claimed to publish over 500,000 records of students, faculty, and staff of Tanzania’s College of Business Education, which contained personally identifiable information (PII).
The ransomware group then shifted its focus towards a US university worth roughly $5.6 billion. According to Cato, Hellcat published root access to the university’s server for the “low cost of $1,500.”
If bought and used by threat actors, this could compromise the university’s systems and allow access to student records, financial systems, and more.
Hellcat then targeted an unnamed French energy distribution company with an average annual revenue of over $7 billion. Similarly to the US university, the ransomware gang offered up root access to the company’s server for a measly $500.
Finally, Hellcat advertised root access to servers belonging to the Iraqi city government. This was also published for a ridiculously low price of $300.
It seems that Hellcat is intent on humiliating its victims rather than extorting them for their cash.
According to the Cybernews Ransomlooker tool, Hellcat is still active and has claimed one victim in January 2025.
Your email address will not be published. Required fields are markedmarked