Security News > 2021 > April > Discord Nitro gift codes now demanded as ransomware payments
In a novel approach to ransom demands, a new ransomware calling itself 'NitroRansomware' encrypts victim's files and then demands a Discord Nitro gift code to decrypt files.
While most ransomware operations demand thousands, if not millions, of dollars in cryptocurrency, Nitro Ransomware deviates from the norm by demanding a $9.99 Nitro Gift code instead. Based on filenames for NitroRansomware samples shared by MalwareHunterteam and analyzed by BleepingComputer, this new ransomware appears to be distributed as a fake tool stating it can generate free Nitro gift codes.
A ransomware screen will then be displayed demanding a free Nitro gift code within three hours, or ransomware will delete the victim's encrypted files.
When a user enters a Nitro gift code URL, the ransomware will verify it using a Discord API URL, as shown below.
As the decryption keys are static and are contained within the ransomware executable, it is possible to decrypt the files without actually paying the Nitro gift code ransom.
In addition to encrypting your files, the Nitro Ransomware will also perform other malicious activity on a victim's computer.