It's a pretty unusual situation.
A ransomware program with a rather unusual character is currently circulating. It is called NitroRansomware. Its notoriety comes from the fact that it asks for $9.99 to unlock the computers it has infected, whereas in some cases the operators behind ransomware demand thousands or even millions of dollars as ransom. What could explain this situation?
According to analyses by the online media outlet Bleeping Computer, the ransomware in question is also called Discord Nitro. This leads security researchers to think that its operators are quite interested in Nitro subscriptions. The malicious program was detected by a group of researchers, MalwareHunterTeam. In a Twitter post on Saturday, the group said: "There is a ransomware called Nitro Ransomware. 'There is no other way to open it than if you have the decryption key. You have less than 3 hours to give us Discord Nitro.' It actually checks if you're in."
Beyond that, several other groups have taken an interest in this rather atypical ransomware. According to them, the malware is distributed as a gift code for Nitro. "When the ransomware is executed, it will encrypt the victim's file and give them three hours to [code] provide a valid Nitro Discord," Cezarina Chirica, a researcher at Heimdal Security, a security firm interested in malware, said in a release on Monday. "The malware adds the '.givemenitro' extension to file names in encrypted files. At the end of an encryption process, NitroRansomware will change the user's wallpaper into a diabolical or angry Discord logo," she adds.
Given these features, the program in question appears to be quite sophisticated. Researcher Cezarina Chirica explains: "NitroRansomware also delivers backdoor capabilities, allowing hackers to execute commands remotely and then send the output via their webhook to the attacker's Discord channel." For this reason, users who have been affected by this malware are advised to immediately change their passwords, especially their Discord password; to run scans with their antivirus solutions to detect whether other programs have been added to their devices; and to make sure that no other Windows accounts have been added to their machine, deleting any that have without delay.
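As a complement to the clean-up steps above, the following added example (not from the original article or from the researchers quoted) inventories files carrying the '.givemenitro' extension so that affected folders can be matched against backups. It assumes the extension is simply appended to the original file name; the `triage` and `build_sample_tree` helper names and the sample data are constructed for illustration.

```python
import os
from collections import defaultdict
from datetime import datetime, timezone

EXTENSION = ".givemenitro"  # extension quoted in the article


def triage(root):
    """Summarise files under root that carry the ransomware's extension."""
    by_dir = defaultdict(list)
    mtimes, total = [], 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            total += 1
            if not name.lower().endswith(EXTENSION):
                continue
            try:
                mtimes.append(os.stat(os.path.join(dirpath, name)).st_mtime)
            except OSError:
                continue  # unreadable or removed mid-scan: skip it
            # Assumption: the extension is appended, so stripping it
            # yields the original file name to look for in backups.
            by_dir[dirpath].append(name[: -len(EXTENSION)])

    def utc(ts):
        return datetime.fromtimestamp(ts, timezone.utc)

    return {
        "total_files": total,
        "affected": sum(len(v) for v in by_dir.values()),
        "by_directory": {d: sorted(v) for d, v in by_dir.items()},
        # Last-write times bound the encryption window for the timeline.
        "first_write": utc(min(mtimes)) if mtimes else None,
        "last_write": utc(max(mtimes)) if mtimes else None,
    }


def build_sample_tree(root):
    """Constructed sample data: two renamed files, two untouched ones."""
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    samples = {"report.docx" + EXTENSION: 1_618_650_000,
               "photo.JPG.GiveMeNitro": 1_618_650_600,
               "notes.txt": 1_618_000_000, "todo.md": 1_618_000_000}
    for name, ts in samples.items():
        path = os.path.join(docs, name)
        open(path, "wb").close()
        os.utime(path, (ts, ts))  # fixed timestamps for a repeatable result


if __name__ == "__main__":
    import sys
    print(triage(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Run it against a user profile or a mounted disk image; the per-directory list of original names shows what to restore, and the first and last write times give a rough window for correlating with other logs.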
The second question raised by this malware's modus operandi is the method of payment: gift codes. Why $9 gift codes?
"Obviously, this one's a bit stupid, but BEC realized some time ago that iTunes and other gift cards are perfect for money laundering – make sure the victim buys multiple gift cards, and then a criminal infrastructure exists for the resale of gift cards, the laundering of fake ebooks, apps, etc.," cybersecurity researcher Kevin Beaumont said on Twitter.
The move is therefore very well calculated on the part of those behind NitroRansomware. They can use the gift codes they collect as a result of this campaign. According to Gemini Advisor, hackers have two ways to monetize gift cards: either they use them to buy physical goods, or they sell them on a market dedicated to gift cards. "In a system, cyber criminals would use stolen payment cards to buy gift cards and then sell them to Cardpool, [a credit card marketplace]," says the Gemini Advisor report. "If a bank were to determine that the gift card had been purchased with a stolen payment card, it could connect with the commercial bank or gift card sellers who issued the gift card and ask them to cancel the gift card. Unfortunately, this process can be tedious and time-consuming, making it a rare event and providing cyber criminals with a wider window of time to complete their program."