Ransomware Groups Boast About Their Malware

Home » Cybersecurity Blog » Ransomware Groups Boast About Their Malware

Ransomware groups are becoming more boastful and even advertising for affiliates, according to a recent article. Read more to see which groups are more active and how to defend your organization.  Read More

Ransomware groups are becoming more boastful and even advertising for affiliates, according to a recent article. Read more to see which groups are more active and how to defend your organization.


As evidence of the worsening ransomware epidemic, brazen cybercriminals are now brazenly boasting about how well their malware performs as it encrypts their victims’ data. They’re doing so in an attempt to recruit hacker affiliates to grow their illicit operations.

According to BleepingComputer.com, two Russian forums previously used by ransomware groups to promote themselves recently banned them from doing so. This forced these bad actors to turn to alternate methods of advertising. So far, two of these groups have been found to be openly using their own websites for self-promotion and recruitment purposes.

LockBit’s hacker recruitment program

In June of 2021, after their attempts failed to convince the Russian forums to reconsider banning them, the LockBit ransomware group began bragging on their website about the newest version of their encryption malware. They claimed to have significantly increased the speed at which this tool encrypts the files of their victims and, as evidence that they can be trusted, posted results of tests to prove it. LockBit also boasted that its malicious encryption solutions have performed well since 2019.

Openly behaving as if they are a legitimate operation, LockBit, in connection with the release of their new malware version, announced a program to recruit hackers as affiliates. Per BleepingComputer, the group touted the easy-to-use functionality of their encryption tool, letting their potential business associates know that they need only to hack into core servers and let LockBit 2.0 do the rest of the work for them.

To reinforce their position among ransomware gangs and impress the cybercriminals they were attempting to partner with, LockBit also bragged that their encryption algorithm and their StealBit tool, used to abscond with their victims files, were the fastest of their kind in the world.

Himalaya: Criminals with a conscience?

Himalaya is another ransomware gang now using its own website to promote its unlawful activities.

It’s an up-and-comer in the Ransomware industry, having started operations in 2021 according to the BleepingComputer article.

This group has apparently established some sort of code of ethics, possibly to allow themselves to feel better about their unlawful activities or to position their organization as having a collective conscience in order to enhance their public image. They claim they don’t target non-profits, healthcare providers, or certain public service organizations and that they also prohibit their hacker affiliates from doing so.

In an attempt to recruit new hacker partners, Himalaya offers a generous 70% commission to those willing to join their affiliate network. Himalaya claims that their malware is “fully undetectable” and comes pre-configured for easy deployment.

Could this be a trend?

Many of the larger ransomware gangs obviously have an online presence but tend to limit things like affiliate recruitment to their own private networks. The actions of Himalaya and LockBit may, however, be indicative of things to come as the ransomware threat continues its trend of explosive growth and criminals are able to successfully evade arrest and prosecution.

Ransomware attackers love to require their victims to pay them using wire transfers and cryptocurrency because the money can be transferred anywhere and the transactions are harder for law enforcement agencies to track. There are often jurisdictional issues as well. If your attackers are in another country, officials in your home country may not be able to bring them to justice.

As more of these gangs form and get away with their attacks, more will likely begin to behave as if they are untouchable and publicly flaunt their criminal activities as Himalaya and LockBit have.

Conclusion: You must defend yourself

The behavior of some perpetrators of ransomware attacks seems to indicate that they aren’t concerned about getting caught.  Their recruitment activities are evidence that they are ramping up their unlawful activities.  No technical control is 100% effective and cybercriminals are continually coming up with new ways to defeat them.  Ransomware attacks often begin with phishing emails that make it through filters and reach their intended recipients.  This being the case, the burden of reducing the number of successful attacks falls primarily upon the shoulders of the potential victims. Organizations must ensure that their employees are trained to recognize the signs of an attack and report potential threats.


As a comprehensive threat detection and remediation service, CybriantXDR is an all-in-one cybersecurity service that will fit the needs of many organizations. Not only does this service increase the visibility of potential threats across your organization, but CybriantXDR also has a team of security analysts watching your systems 24/7 and prepared to assist with remediation when a credible threat is detected.

Learn more about CybriantXDR at cybriant.com/cybriant-xdr.