The malware strain named NitroRansomware takes a different approach to extortion. Instead of asking for real money, as most ransomware threats do, it asks its victims to send Discord Nitro gift codes as a ransom.
Initially, the malware appears to be a silly coding joke, but more detailed research reveals that significant harm may occur in subsequent attacks.
The threat is known to be distributed as a free Nitro gift-code generator that, once downloaded, starts a file-encryption process in the background of the system.
The malicious actors behind NitroRansomware seem to be particularly interested in Nitro subscriptions and ask for $9.99 Discord Gift Codes in exchange for the decryption of the files the malware encrypts.
Discord is a popular VoIP platform that allows its users to send instant messages, voice-call, video-call and share media and files in private or as members of communities inside the platform.
An upgraded “Nitro” subscription on the platform (which costs $9.99) gives users access to larger upload sizes, HD video streaming, and a number of other features that are unlocked by redeeming a Discord Nitro code.
Victims of NitroRansomware become aware of the attack when the extension of their files is changed to “.givemenitro” and their wallpaper is replaced with an angry Discord logo. The hackers give the victims a deadline of three hours to send them a valid Nitro code. After the code passes verification, the ransomware decrypts the encrypted files with the help of a built-in static decryption key.
According to professionals who are researching the threat, however, the three-hour deadline seems to be a scareware trick, because no files are deleted after the time runs out. What is more, analysis of the encryption shows that the files can be decrypted even without sending a $9.99 Nitro code, because the decryption code could be extracted from the executable itself.
What bothers researchers more are the possible follow-on attacks, which may be much more serious. Analysis of the threat reveals that NitroRansomware is capable of stealing Discord tokens from the victims, which, according to security experts, enables attackers to hack Discord servers. NitroRansomware has also been observed inserting backdoors that allow the malware operators to execute commands remotely.
Users infected with the ransomware are advised to update their Discord password and immediately scan their compromised computer for other harmful programs that could be inserted into the system. They also should check their computer for new Windows user accounts and remove them, if they find any.
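As part of the scan recommended above, a responder can first scope the damage by inventorying files that carry the “.givemenitro” extension. The following is an added example, not code from the researchers or from the malware; the function names and the sample file tree are constructed for illustration, and it assumes file modification times were not tampered with.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

MARKER_EXT = ".givemenitro"  # extension reported in the article


def inventory(root):
    """Walk root and summarise files carrying the NitroRansomware extension."""
    hits, per_dir, mtimes = [], Counter(), []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            if not name.lower().endswith(MARKER_EXT):  # case-insensitive match
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # unreadable or vanished file: skip, keep walking
            hits.append(path)
            per_dir[dirpath] += 1
            mtimes.append(st.st_mtime)
    # Assumption: mtime reflects when the file was rewritten by the malware.
    window = None
    if mtimes:
        window = tuple(datetime.fromtimestamp(t, timezone.utc)
                       for t in (min(mtimes), max(mtimes)))
    return {"files": sorted(hits), "per_dir": dict(per_dir), "window_utc": window}


def build_sample(root):
    """Constructed sample tree (not real victim data) for the demo."""
    os.makedirs(os.path.join(root, "Documents", "tax"))
    os.makedirs(os.path.join(root, "Pictures"))
    for rel in ("Documents/report.docx.givemenitro",
                "Documents/tax/2020.xlsx.GIVEMENITRO",
                "Documents/notes.txt",
                "Pictures/cat.jpg.givemenitro"):
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(b"constructed sample")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        result = inventory(tmp)
        for d, n in sorted(result["per_dir"].items()):
            print(f"{n:4d}  {d}")
        print("modified between", result["window_utc"])
```

The per-directory counts show which folders need restoring, and the earliest modification time gives a starting point for reviewing what else happened on the machine around the infection.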