Security News > 2021 > April > NitroRansomware Asks for $9.99 Discord Gift Codes, Steals Access Tokens

The NitroRansomware malware strain is shaking up the ransomware norm by demanding Discord Nitro gift codes from victims instead of actual money.

According to an analysis by Bleeping Computer, the ransomware verifies that the provided Discord gift codes are valid, and decrypts the files using an embedded static decryption key.

Obviously this one is a bit dumb, but BEC realised a while ago iTunes gift cards and such are great for money laundering - get victim to buy multiple gift cards, then criminal infrastructure exists for reselling gift cards, laundering to fake ebooks, apps etc.

"Typically, compromised gift cards sell for 10 percent of the card value in the Dark Web; however, the 895,000 cards offered from the breach were priced at roughly 0.05 percent of the card value," according to Gemini, in an early April report.

"In [one] scheme, cybercriminals would use stolen payment cards to purchase gift cards and then sell the gift cards to Cardpool ," according to the report.

"If a bank were to determine that the gift card had been purchased with a stolen payment card, they could connect with the merchant bank or gift card vendors that issued the gift card and request they void the gift card. Unfortunately, this process can prove cumbersome and time-consuming, making it a rare occurrence and granting cybercriminals a wider time window to pull off their scheme."

News URL

https://threatpost.com/nitroransomware-discord-gift-codes/165488/