New ransomware detected that is named HOG which encrypts user’s data of those who are using the Discord server.

According to the investigation, the security researcher identified that in-development decryptor the HOG Ransomware is encrypting the victim’s data who are connected to Discord server that decrypt their files.

Working of HOG Ransomware

However, the experts have also discovered the component named as VirusTotal which is executed and check all the list of Discord server that exists and starts encrypting the victim’s files. As the ransomware starts encrypting the files it will display as .hog extension, shown below.

The Hog Ransomware Decryptor will elaborate the victims that explained what happened to the victims and then it will force them to enter the token used in the Discord server. After that, the tokens authorize the ransomware to verify Discord API as the user and also check about the users who are joined their servers.

In case the users join the server created by the hackers or the server that doesn’t exist, then the ransomware starts working and decrypt the user’s data with the help of a static key that was already embedded in the ransomware.

Summering Up

Therefore this ransomware is called in-development ransomware that shows how the hackers have used Discord for other malicious activities. Apart from this another ransomware we detected named Humble, which is responsible for posting the details of users to the hacker using the Discord server.

Discord server is also used by delivering multiple malware or stealing data, the hackers modified the server and it is very dangerous for the organization who are connected and working on the server. The hackers also bypass the security tools and monitor Discord traffic or other behavior of the users.