September 1, 2021 By David Bisson 2 min read

Ransomware gangs have a new technique to recruit affiliates: posting announcements on their own data leaks websites. This provides a look into today’s so-called ransomware-as-a-service (RaaS), in which people can pay to have some of the work automated for them. This shift has come about in large part because two major ransomware forums banned gangs from promoting their RaaS schemes.

Take a look at what types of messaging a few groups are using on their sites to invite attackers in.

Boasting and Warnings Abound

In late June, the LockBit group announced a new version of their ransomware strain on their data leaks site. The malware authors announced a new recruitment session at the same time as their announcement of LockBit 2.0.

The gang claimed their product carried “unparalleled benefits [including] encryption speed and self-spread function.” All an affiliate needed to do in an attack was “get access to the core server, while LockBit 2.0 will do all the rest.” Then, the infection would spread to all devices on the domain network, they stated.

The Himalaya RaaS gang began looking for new recruits on its data leaks site at around the same time. The gang claimed that affiliates could keep 70% of whatever profits they made in their attacks using the authors’ “already configured and compiled FUD [Fully UnDetectable]” malware. The group also imposed limits, saying that affiliates were not allowed to target health care organizations, non-profits and public entities.

Digital Crime Forums Not as Friendly as Before

The LockBit and Himalaya groups’ new recruitment tactic reflects a larger change in the crypto-ransomware threat landscape. This change first became evident in mid-May 2021 following a high-profile ransomware infection involving a pipeline company. As reported by KrebsonSecurity, an admin on the Russian digital crime forum XSS announced that the forum would no longer allow members to post about ransomware programs like for-profit RaaS schemes.

Around that same time, the Exploit digital crime forum also announced that it was banning members from posting ads to hire RaaS recruits.

How to Defend Against Ransomware Attacks

So long as it lets them make money, ransomware authors will always find new ways to recruit new partners to their cause. That’s why it’s important for businesses and agencies to revisit their defenses on an ongoing basis.

For instance, make sure you have multi-factor authentication (MFA) on the accounts of all employees and contractors. Doing this will help to prevent ransomware attackers from gaining access to a privileged account. That’s true even if they pull off a successful phish and misuse that access to deploy their payload.

Organizations can then balance their MFA scheme by deploying a user behavior analytics solution. This can help to alert security teams if and when someone succeeds in getting access to an authorized account.

More from News

What is the Open-Source Software Security Initiative (OS3I)?

3 min read - The Open-Source Software Security Initiative (OS3I) recently released Securing the Open-Source Software Ecosystem report, which details the members’ current priorities and recommended cybersecurity solutions. The accompanying fact sheet also provides the highlights of the report. The OS3I includes both federal departments and agencies working together to deliver policy solutions to secure and defend the ecosystem. The new initiative is part of the overall National Cybersecurity Strategy. After the Log4Shell vulnerability in 2021, the Biden-Harris administration committed to improving the security…

Europe’s Cyber Resilience Act: Redefining open source

3 min read - Amid an increasingly complex threat landscape, we find ourselves at a crossroads where law, technology and community converge. As such, cyber resilience is more crucial than ever. At its heart, cyber resilience means maintaining a robust security posture despite adverse cyber events and being able to anticipate, withstand, recover from and adapt to such incidents. While new data privacy and protection regulations like GDPR, HIPAA and CCPA are being introduced more frequently than ever, did you know that there is new…

Feds release urgent guidance for U.S. water sector

3 min read - The water and wastewater sector (WWS) faces cybersecurity challenges that leave it wide open to attacks. In response, the CISA, EPA and FBI recently released joint guidance to the sector, citing variable cyber maturity levels and potential cybersecurity solutions. The new Incident Response Guide (IRG) provides the water sector with information about the federal roles, resources and responsibilities for each stage of the cyber incident response lifecycle. Sector owners and operators can use this information to augment their incident response…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today