
New ransomware only decrypts victims who join their Discord server
2021-03-05 21:49

A new ransomware called 'Hog' encrypts users' devices and only decrypts them if they join the developer's Discord server.

This week, security researcher MalwareHunterTeam found an in-development decryptor for the Hog Ransomware that requires victims to join the developer's Discord server to decrypt their files.

BleepingComputer was later able to find the encryptor component [VirusTotal] for the ransomware, which, when executed, checks whether a particular Discord server exists and, if it does, begins encrypting the victim's files.

A Discord token allows the ransomware to authenticate to Discord's APIs as the user and check whether the victim has joined the developer's server, as shown by the source code below.

If the victim has joined the server or the server does not exist, the ransomware will decrypt the victims' files using a static key embedded in the ransomware.

Another ransomware, known as Humble and recently discovered by Trend Micro, uses a webhook to post details about new victims to the threat actor's Discord server.


News URL

https://www.bleepingcomputer.com/news/security/new-ransomware-only-decrypts-victims-who-join-their-discord-server/