The recent ban of ransomware ads on well-known Russian speaking cybercrime forums has forced cybercriminals to promote their service using alternative methods. Two ransomware gangs, identified as Himalaya and LockBit, have been detected using their own site to promote encryption tools and hiring new affiliates.
LockBit ransomware gang advertised a new major version of their tool on their own website. Other ransomware gang Himalaya was also reportedly promoting its services using its own website.
With launching LockBit 2.0, the ransomware developers further announced a new affiliate recruitment session.To attract affiliates, the LockBit developers claim to offer the fastest encryption and file-stealing (StealBit) tools on their website. According to the ads, the operators will only need to get access to the core server and deploy the malware.
Himalaya, on the other hand, offers pretty much the same things as other ransomware services. They are providing an already compiled and configured FUD file-encrypting malware and offer 70% commission to affiliates.The Himalaya gang lays out a strict rule about the targets; it does not allow targeting the organizations related to public, healthcare, and non-profit sectors.
At present, only the Himalaya and the LockBit gang are apparently promoting their RaaS operation on their websites. However, experts say other ransomware gangs may also adopt this tactic. Thus, organizations are recommended to stay alert for such evolving threats.