NitroRansomware accepts payment with gift codes for Discord Nitro

Bleeping Computer reported on the ransomware NitroRansomware, which encrypts victims’ files, steals information from browsers, and then demands Discord Nitro gift codes to pay the ransom.

Although Discord itself is free, users can purchase a Nitro subscription for $9.99 a month, which provides access to premium features including increased download size, improved emoji, animated avatars, and more.

Moreover, a Nitro subscription can either be applied to your own account or bought as a gift for another person. In the second case, the buyer is given a URL in the format https://discord.gift/[code], which can then be shared with another Discord user.

Unlike other ransomware, NitroRansomware does not demand huge amounts of cryptocurrency from its victims, but a $9.99 gift code for Nitro, Bleeping Computer journalists say.

Based on the filenames from the NitroRansomware samples provided to MalwareHunterTeam reporters, the ransomware is being distributed under the guise of a fake tool to generate free Nitro gift codes. Once launched, the malware encrypts the victim’s files and adds the .givemenitro extension to them.

The ransomware then changes the user’s wallpaper and shows a ransom screen demanding a free Nitro gift code within three hours; otherwise the malware threatens to delete all encrypted files. According to the journalists, this is an empty threat: NitroRansomware does not delete files when the timer reaches all zeros.

When a user provides the malware with a Nitro gift code URL, the ransomware validates it using the Discord API, as shown below. If the gift code link is valid, the ransomware decrypts the files using the built-in static decryption key.

Since the decryption keys are static and are contained in the executable file of the malware, the files can be decrypted without paying the ransom, the publication emphasizes.

Unfortunately, the ransomware is not limited to data encryption. The attackers also try to steal the victim’s Discord tokens (authentication keys associated with a specific user) and data from the Chrome, Brave and Yandex Browser browsers. Because of this, victims of NitroRansomware are advised to change their Discord password immediately after the attack.
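For responders, the two behaviours described above (files renamed with the .givemenitro extension, and theft from Discord and browser data) can be turned into a quick scoping check. The following is an added example, not code from Bleeping Computer or from the malware; the per-user data paths are assumed Windows defaults and the sample profile is constructed.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".givemenitro"  # extension named in the article

# Assumption: default per-user data directories on Windows, relative to the
# user profile folder. These paths are not taken from the article.
CREDENTIAL_STORES = {
    "Discord": "AppData/Roaming/discord/Local Storage/leveldb",
    "Chrome": "AppData/Local/Google/Chrome/User Data",
    "Brave": "AppData/Local/BraveSoftware/Brave-Browser/User Data",
    "Yandex Browser": "AppData/Local/Yandex/YandexBrowser/User Data",
}

def find_encrypted(root):
    """Map each directory under root to its count of renamed files."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        count = sum(1 for name in files if name.lower().endswith(ENCRYPTED_SUFFIX))
        if count:
            hits[dirpath] = count
    return hits

def exposed_stores(profile):
    """Apps whose data directory exists, so their sessions and logins need rotating."""
    return sorted(app for app, rel in CREDENTIAL_STORES.items()
                  if (Path(profile) / rel).is_dir())

def triage(profile):
    """Summarise encryption scope and credential exposure for one user profile."""
    hits = find_encrypted(profile)
    return {"encrypted_total": sum(hits.values()),
            "by_directory": hits,
            "rotate_credentials_for": exposed_stores(profile)}

def build_sample_profile(base):
    """Constructed sample: two renamed files, one untouched file, two app stores."""
    base = Path(base)
    for rel in ("Documents/report.docx.givemenitro", "Documents/notes.txt",
                "Pictures/cat.jpg.GIVEMENITRO"):
        (base / rel).parent.mkdir(parents=True, exist_ok=True)
        (base / rel).write_bytes(b"sample")
    for app in ("Discord", "Chrome"):
        (base / CREDENTIAL_STORES[app]).mkdir(parents=True)
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(triage(build_sample_profile(tmp)))
```

On a real host, pass the affected user's profile folder to `triage()`; the `rotate_credentials_for` list extends the article's Discord password advice to any browser whose data directory is present.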

Overall, it is a funny extortionist. But there are also quite cute ones: for example, I wrote that the Ziggy ransomware operator returns money to victims.


About the author

Emma Davis

I'm a writer and content manager (a short time ago I completed a bachelor's degree in Marketing from Gustavus Adolphus College). For now, I have a deep drive to study cyber security.
