Ransomware is a sad aspect of the present digital era, and following significant malware attacks like NotPetya and Maze, you might believe you’ve seen it all. NitroRansomware, however, has a fresh tactic up its bag. It requests a Discord gift card from victims rather than demanding cryptocurrencies as ransom payment.
Discord is a free chat application, as you may believe, and you’d be correct. Casual Discord users might not even be aware that the service has a premium tier. You can subscribe to Discord Nitro for $9.99 a month, which offers benefits like HD video streaming, more emoji, and larger file uploads. You have the option of receiving a gift link or applying your Nitro purchase to your account. The most recent ransomware aims to do that.
According to BleepingComputer, the spyware is said to enter computers by impersonating a program that lets users create free Nitro gift vouchers. Therefore, anyone who installs it will essentially get what they did not want. The documents folder is encrypted by NitroRansomware, which similarly to other ransomware types sets up shop and adds a.givemenitro extension to the encrypted files. Before the payment request appears, it also replaces the user’s background image with an irate version of the Discord logo (see above).
Ransomware victims have three hours to purchase a Nitro code and enter it in the box. The malware uses an embedded key to decrypt the files when a valid code is added. However, it does attempt to steal your data because, well, why not?
NitroRansomware copies the login tokens after finding the user’s Discord installation directory during installation. By logging in as that person, the virus creator could be able to spread their infection to more users. Additionally, it rummages through Yandex Browser, Brave Browser, and Google Chrome directories looking for interesting information. Change your Discord login and any other accounts that might have been hijacked by the browser attack if you think you’ve been infected with NitroRansomware.