Since two prominent cybercrime forums banned topics related to ransomware due to increased attention from law enforcement after the recent high-impact attacks, criminal operations have had to find alternative methods for promoting their ransomware services.
Now, at least two ransomware-as-a-service (RaaS) groups made their own websites to advertise the features of their encryption tools in order to attract new members.
About a week ago, the LockBit ransomware gang released a new version of their tool, which it advertises on its new website, claiming that it has significantly improved the encryption speed.
LockBit authors attract partners with claims of easy process, the fastest encryption, and file-stealing (StealBit) tools in the world. According to the threat actor, they tested various ransomware pieces and found that their encryption speed was the fastest.
“The only thing you have to do is to get access to the core server, while LockBit 2.0 will do all the rest. The launch is realized on all devices of the domain network in case of administrator rights on the domain controller,” says the LockBit ransomware gang.
Along with the launch of LockBit 2.0, the developers of the ransomware operation also announced new affiliate recruitment round.
Another actor who started promoting their RaaS campaign on their website is HimalayA.
Himalaya is a new ransomware actor that advertises to their affiliates a free encrytor in return for a 70% commission. Himalaya has a strict rule about which targets can be attacked. Healthcare, public, and non-profit organizations must not be targeted.
While LockBit and Himalaya are the only known ransomware gangs that are currently running campaigns on their websites, other groups could soon follow suit.
Some ransomware groups prefer to remain anonymous and rely on their affiliates to get new partners, The REvil gang is one such example.