New ransomware strain found that demands no money, only that the victim join the attacker's Discord server
A newly discovered ransomware strain does not ask for a ransom payment. Instead, it only agrees to decrypt the victim's files if the victim joins a Discord server controlled by the people behind the malware.
More specifically, researchers from MalwareHunterTeam recently found a decryptor built for a strain named 'Hog ransomware', which requires victims to join the attacker's Discord server before it will restore their files.
The ransomware's encryptor was discovered later. When executed, it first checks whether a particular Discord server exists and, if it does, begins encrypting the victim's files.
Each file it encrypts keeps its original name and gets the .hog extension appended (for example, report.docx becomes report.docx.hog). The malware then drops the decryptor component onto the system.
Once Hog has finished encrypting the device, it immediately launches the DECRYPT-MY-FILES.exe decryptor, which it has placed in the Windows Startup folder so that it also runs again at every login.
This decryptor explains to the victim in detail what has happened to their files, and then prompts them to enter their Discord user token. Note that a Discord user token grants full control of the account it belongs to, so typing it into an untrusted program is itself a risk, independent of whether the files come back.
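The two on-host indicators the article describes (the appended .hog extension and DECRYPT-MY-FILES.exe sitting in the Startup folder) are simple enough to check with a short triage script. The following is an added example written for this page, not code from the original article, from MalwareHunterTeam, or from the malware itself. The sample directory tree it builds is constructed here so the script runs offline; on a real machine you would point it at the user profile and the real Startup folder (%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup). The helper names (triage, find_hog_files, run_sample) are this example's own.

```python
"""Host triage for the Hog ransomware indicators described in the article.

Added example, not the article's or the malware's code. It walks a directory
tree, counts files carrying the ".hog" extension that Hog appends, reports
which original file types were hit, and checks a Startup folder for the
dropped DECRYPT-MY-FILES.exe decryptor.
"""
import os
import tempfile
from collections import Counter
from pathlib import Path

HOG_EXT = ".hog"
DECRYPTOR_NAME = "decrypt-my-files.exe"  # compared case-insensitively


def default_startup_folder():
    """The per-user Startup folder on Windows, or None if %APPDATA% is unset."""
    appdata = os.environ.get("APPDATA")
    if not appdata:
        return None
    return Path(appdata) / "Microsoft" / "Windows" / "Start Menu" / "Programs" / "Startup"


def find_hog_files(root: Path) -> list:
    """Every regular file under root whose name ends in .hog."""
    return sorted(
        p for p in root.rglob("*")
        if p.is_file() and p.name.lower().endswith(HOG_EXT)
    )


def original_extensions(hog_files) -> Counter:
    """Strip the appended .hog and count the original extensions underneath."""
    counts = Counter()
    for p in hog_files:
        inner = Path(p.name[:-len(HOG_EXT)])  # report.docx.hog -> report.docx
        counts[inner.suffix.lower() or "<none>"] += 1
    return counts


def startup_has_decryptor(startup: Path) -> bool:
    """True if DECRYPT-MY-FILES.exe (any letter case) sits in the Startup folder."""
    if not startup.is_dir():
        return False
    return any(p.name.lower() == DECRYPTOR_NAME for p in startup.iterdir())


def triage(root: Path, startup: Path) -> dict:
    hog = find_hog_files(root)
    persisted = startup_has_decryptor(startup)
    return {
        "hog_file_count": len(hog),
        "hit_extensions": dict(original_extensions(hog)),
        "decryptor_in_startup": persisted,
        "verdict": "hog indicators present" if (hog or persisted) else "no hog indicators",
    }


def build_sample_tree(base: Path):
    """Constructed sample data: a fake profile with two encrypted files,
    one untouched file, and a Startup folder holding the decryptor."""
    docs = base / "Documents"
    (docs / "photos").mkdir(parents=True)
    (docs / "report.docx.hog").write_bytes(b"\x00" * 16)
    (docs / "photos" / "cat.jpg.hog").write_bytes(b"\x00" * 16)
    (docs / "notes.txt").write_text("untouched")
    startup = base / "Startup"
    startup.mkdir()
    (startup / "DECRYPT-MY-FILES.exe").write_bytes(b"MZ")
    return base, startup


def run_sample() -> dict:
    """Build the constructed tree in a temp dir and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        root, startup = build_sample_tree(Path(tmp))
        return triage(root, startup)


if __name__ == "__main__":
    print(run_sample())
```

On a live host, call triage(Path.home(), default_startup_folder()) instead of run_sample(); the extension histogram tells you quickly whether the encryptor targeted documents broadly or only a few file types.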
For those unfamiliar with it, Discord is a voice and text chat platform. Anyone can create a server (a community with its own chat channels) on any topic they like and invite others to join it.
The token lets the ransomware authenticate to the Discord API as that user and check whether the user has joined the attacker's server, as the decryptor's source code shows.
If the victim has joined the server, or the server no longer exists, the decryptor restores the files using a static key embedded in the ransomware. Because that key is static and ships inside the binary, an analyst with a sample can extract it and decrypt files without ever touching Discord.
While this looks like ransomware still in development, it illustrates a trend of threat actors using Discord more and more for malicious purposes.
Another ransomware strain, named Humble, was recently spotted by Trend Micro using a Discord webhook to post details about new victims to the attackers' Discord server.
Discord is also frequently used by threat actors to distribute malware and to collect stolen data.
Given this trend, administrators should make sure their network monitoring covers Discord traffic, in particular API calls and webhook posts to discord.com and discordapp.com coming from processes that are not the Discord client or a browser, so that this kind of abuse is detected early.
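The three abuses the article names (a decryptor calling the Discord API with a user token, a webhook used to report victims, and Discord used to host malware or receive stolen data) all leave distinctive URLs in web proxy or endpoint logs. The script below is an added example for this page, not a tool from the article or from Trend Micro, and it runs over a handful of constructed log lines in a made-up "timestamp host process method url status" format; the hostnames, webhook ID and process names are invented for the sample. The rules and regexes are this example's own, based on the public shape of Discord's API paths (/api/webhooks/<id>/<token>, /api/v*/users/@me/guilds, cdn.discordapp.com/attachments/...).

```python
"""Flag suspicious Discord traffic in proxy-style logs.

Added example, not the article's code. Each log line is assumed to look like
    <timestamp> <host> <process> <METHOD> <url> <status>
(a constructed format; adapt parse() to your proxy or EDR export).
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

DISCORD_DOMAINS = ("discord.com", "discordapp.com", "discordapp.net")
# Processes for which ordinary Discord API use is expected.
EXPECTED_CLIENTS = {"discord.exe", "chrome.exe", "msedge.exe", "firefox.exe"}

WEBHOOK_RE = re.compile(r"^/api/(?:v\d+/)?webhooks/\d+/[A-Za-z0-9_-]+")
USER_API_RE = re.compile(r"^/api/(?:v\d+/)?(?:users/@me|guilds/)")
ATTACHMENT_RE = re.compile(r"^/attachments/.+\.(?:exe|dll|scr|ps1|bat|zip)$", re.I)
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (GET|POST|PUT|DELETE) (\S+) (\d{3})$")


@dataclass
class Alert:
    ts: str
    host: str
    process: str
    url: str
    rule: str


def is_discord_host(hostname) -> bool:
    if not hostname:
        return False
    return any(hostname == d or hostname.endswith("." + d) for d in DISCORD_DOMAINS)


def classify(process: str, method: str, hostname: str, path: str):
    """Return a rule name if the request is worth alerting on, else None."""
    if not is_discord_host(hostname):
        return None
    proc = process.lower()
    # The Discord client does not execute webhooks; any POST to one is an integration
    # or, as with Humble, malware reporting home.
    if method == "POST" and WEBHOOK_RE.match(path):
        return "webhook-post"
    # Executables pulled from Discord's CDN are a common malware delivery path.
    if hostname.startswith("cdn.") and ATTACHMENT_RE.match(path):
        return "executable-from-cdn"
    # User/guild API calls from something that is not a Discord client: the Hog
    # decryptor checking server membership with the victim's token looks like this.
    if USER_API_RE.match(path) and proc not in EXPECTED_CLIENTS:
        return "api-from-unexpected-process"
    return None


def parse(line: str):
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # malformed lines are skipped, not alerted on
    ts, host, proc, method, url, status = m.groups()
    u = urlsplit(url)
    return ts, host, proc, method, u.hostname, u.path, status


def scan(lines) -> list:
    alerts = []
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        ts, host, proc, method, hostname, path, _status = parsed
        rule = classify(proc, method, hostname, path)
        if rule:
            alerts.append(Alert(ts, host, proc, f"{hostname}{path}", rule))
    return alerts


# Constructed sample log: one benign client call, one decryptor-style call,
# one webhook post, one executable download, one benign browser call, one junk line.
SAMPLE_LOG = [
    "2021-03-25T10:11:12Z WS-42 discord.exe GET https://discord.com/api/v9/users/@me/guilds 200",
    "2021-03-25T10:11:30Z WS-42 DECRYPT-MY-FILES.exe GET https://discord.com/api/v9/users/@me/guilds 200",
    "2021-03-25T10:12:01Z WS-17 svchost.exe POST https://discord.com/api/webhooks/812345678901234567/abcDEF_123-xyz 204",
    "2021-03-25T10:13:44Z WS-09 powershell.exe GET https://cdn.discordapp.com/attachments/1111/2222/update.exe 200",
    "2021-03-25T10:14:00Z WS-42 chrome.exe GET https://discord.com/api/v9/users/@me/guilds 200",
    "this line is not a log entry",
]


def run_sample() -> list:
    return scan(SAMPLE_LOG)


if __name__ == "__main__":
    for a in run_sample():
        print(f"{a.ts} {a.host} {a.process}: {a.rule} ({a.url})")
```

The process allowlist is deliberately small: tune it to what actually runs on your estate, and treat a "webhook-post" from any process as worth a look, since the official client never executes webhooks itself.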