Nitro Ransomware Spread Through Fake Discord 'Nitro Membership Generator'

vegalocker ransomware

A new piece of ransomware is being spread on the Internet by going under the disguise of a hacking tool meant to provide its users with free access to a Discord Nitro membership. 'Nitro' is the name of Discord's premium membership program, which typically costs $9.99/month and provides users with access to a long list of perks. However, there are no free tools to help you obtain this – the fake hacking tool described above will actually deploy a copy of the Nitro Ransomware. This is a file-locker designed to encrypt a wide range of file types and then extort their owner for money.

Typically, ransomware creators offer a decryption service, which can be paid via Bitcoin or a similar cryptocurrency. Nitro Ransomware's creators, however, have a different plan – they ask their victim to purchase a Discord Nitro membership code and enter it to unlock their files. Surprisingly, this method works since the Nitro Ransomware is able to check the validity of the code and initialize the decryption process if it is valid. However, we would not advise you to pay the ransom fee since it is very likely that a free decryptor for the Nitro Ransomware might be released soon.

File-locking is not Nitro Ransomware's only feature – it can also work as a Discord token stealer, which might enable the hackers to break into the Discord profile of the victim. Furthermore, the Nitro Ransomware enables its operators to execute remote code on the compromised machine and then receive the output in their custom-built Discord server. This is not the first malware sample to use a Discord server as a command-and-control server.

The files that the Nitro Ransomware locks will have the '.givemenitro' added to their name and the ransom message will be spawned in a new program window. According to the message, victims have three hours to enter a valid Nitro code, otherwise their files will be deleted permanently. Thankfully, this is a bluff and nothing happens after the three-hour countdown expires.

Remember that apps that offer free generation of premium membership for services like Discord do not exist – trying to run them is likely to get your computer infected with malware. If the Nitro Ransomware has damaged your files, we advise you to run an antivirus tool to eliminate the threat and then wait for a free decryption tool to be released.

April 20, 2021

Leave a Reply