Bleeping Computer is reporting yet another ransomware. This one, called “Hog”, encrypts devices like the others, but it only decrypts them if the victim joins the developer’s Discord server.
A Discord token allows the ransomware to authenticate to Discord’s API and check whether the victim has joined. Once they have joined (or if the server does not exist), the ransomware decrypts the files.
Why do we care?
In the spirit of continual learning, and for those of us who don’t instantly understand the intent… here’s why. This is a way to test ransomware builds in the wild. Not that you really needed more evidence of how smart these actors are.
What they are doing is programmatically testing their builds. This creates an automatic feedback loop.
Just because it’s a theme for me lately… it’s ecommerce.
Source: Bleeping Computer