The newest ransomware block named NitroRansomware has been detected to be demanding Discord Nitro gift codes as ransom from there victims.
A twist in the tale of Ransomware-
This ransomware was detected first by MalwareHunterTeam and the other researchers helped in analysis of the working of the code.
- This was distributed as a free gift code generator for discord nitro. Once the ransomware is executed, the victim’s files get encrypted and a three-hour time limit for providing a valid Nitro.
- The encrypted files have an extension .givemenitro and the encryption process ends with the change of wallpaper to an evil or angry Discord logo.
- After the discord gift card is provided, the ransomware verifies the gift code and decrypts the files using static decryption keys.
- According to BleepingComputer, because of the static nature of the key, it can be obtained from the executable itself and it won’t be necessary for the victim to pay $9.99.
After Infection-
After the infection, the ransomware steals discord token an attempt to hack the server. In addition, it also implements backdoor capabilities that helps them remotely execute command.
The recent such attacks-
- The threat actors sold 895,000 stolen gift cards in February for a price of $20,000(valued at 38 million). They also sold 330,000 stolen payment cards for a buy-ow price of $15,000.
- The subway loyalty program members were sent spam mails last year which lured them into downloading malware.
Conclusion-
It is suggested by the security researchers that in case of infection with this ransomware, the user should change their password for discord and undergo a full system scan to rule out any infectious malware that may be introduced to the system. They should remove any account to their windows that they did not create.