Himalaya Ransomware

A series of ransomware attacks against high-profile targets such as Colonial Pipeline brought unprecedented attention to the operations of ransomware gangs from both government institutions and private infosec entities. Several Russian hacking forums found themselves forced to ban any topics or ads concerning ransomware threats to avoid the additional scrutiny they might bring. Ransomware gangs suddenly lost one of their better methods for hiring coders and attracting affiliates. While scrambling for solutions, some hacker collectives decided to start advertising their threatening creations and RaaS (Ransomware-as-a-Service) schemes on their own websites.

The Himalaya Ransomware group quickly adopted this tactic and published an ad for its services on its website. The group is a relatively new threat actor on the ransomware scene that appears to have been established at the start of 2021. The terms listed on its website appear to be consistent with the norm for RaaS groups. Himalaya offers to provide its affiliates with a fully configured and compiled FUD (Fully Undetectable) ransomware threat that is capable of impacting both x64 and x86 Windows systems and employs the AES-256 cryptographic algorithm for its encryption process. In return, Himalaya will pocket 30% of all received ransoms.

However, the hackers impose a couple of strict rules that their affiliates must follow. Apparently, the Himalaya hackers are either socially conscious or just want to avoid any potential ramifications, so they forbid the deployment of their ransomware threat against health facilities, public organizations, and non-profit associations. Only private companies and individuals are allowed as valid targets.
