Himalaya Ransomware-as-a-Service Promoted on the Dark Web
The campaigns of some ransomware gangs are not as elaborate as those of the notable names in the field, such as the DarkSide Ransomware gang. A fine example of this is the Himalaya Ransomware group. Cybersecurity researchers first reported its activity back in June, but there is now a lot of new and interesting information about this project. It seems that the Himalaya Ransomware operators have created a website, which they want to use to attract potential affiliates.
But how do ransomware affiliate programs work? The answer is simple – a cybercriminal gets access to the Himalaya Ransomware payload, and the ransomware operators get a portion of the ransom fees. In the case of the Himalaya Ransomware, the crooks are asking for 30%, while the rest stays in the account of the customer. According to the offer on their website, the file encryption that the file-locker uses is irreversible, and the payload is FUD (Fully UnDetectable). FUD is a term that cybercriminals often use incorrectly, and the Himalaya Ransomware is no exception. The claims of the creators are a lie, and you can be sure that a reputable antivirus software suite will detect and stop the Himalaya Ransomware easily.
The Creators of the Himalaya Ransomware Claim it is Undetectable
The website of the gang appears to be very amateurish. Typically, ransomware affiliates get the ability to build a new payload on the fly, but the crooks behind this project provide no such feature. Instead, they ask the affiliate to email them the configuration of the ransomware:
- Ransom fee amount.
- Files to encrypt.
- Folders to encrypt/avoid.
- File extension and ransom note to use.
It is important to add that the ransomware's creators prohibit affiliates from using the malware to compromise health facilities, public organizations, and non-profit associations.
Unfortunately, free decryption is not available for recovering files that the ransomware encrypts. However, victims of these attacks should not pay the ransom fee. They should run an anti-malware tool to eliminate the threat, and then experiment with popular data recovery software.