New Discord Ransomware | Summary and Q&A

189.8K views
February 12, 2023
by The PC Security Channel

TL;DR

A new ransomware called AXLocker not only encrypts files but also steals Discord tokens, posing a threat to users' data and accounts.


Key Insights

  • 👤 AXLocker ransomware combines file encryption with the theft of Discord tokens, creating a double threat to users' data and accounts.
  • 🤩 The ransom note provides instructions to victims in order to obtain a private decryption key and pay the ransom in cryptocurrency.
  • 🚒 The ransomware appears to be a variant of the Hidden Tear project and is detectable by 52 antivirus engines.
  • 👶 AXLocker ransomware demonstrates a new level of stealth by not visually altering encrypted files, making them appear normal.
  • 💁 The fact that the ransomware utilizes Discord servers to collect stolen information highlights a potential vulnerability in the platform's security.
  • 📁 The ransomware avoids encrypting certain directories, such as Windows, to prevent system crashes.
  • 💁 AXLocker ransomware sends sensitive user information, including computer name, username, and IP address, to a Discord server.

Transcript

so today we've got another Discord ransomware to talk about this one is called ax locker and as we run it you're going to see what it does very shortly deletes itself disappears classic magicians trick nothing happens for a moment and then boom you've got the pirate skull and bones on your computer this can't be good but what's special about this r...

Questions & Answers

Q: How does AXLocker ransomware disguise encrypted files?

AXLocker does not rename or visually alter files, making them appear unchanged even though they are encrypted. This makes it difficult for users to identify which files are compromised.
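Because the file names and extensions stay the same, one way to find affected files is to compare each file's leading bytes with the signature its extension implies and to measure its entropy. The sketch below is an added example, not code from the video or from the ransomware's analysis; the signature table, the 7.5 bits-per-byte threshold and the function names are assumptions, it only covers formats that carry a fixed header, and random bytes stand in for ciphertext in the constructed sample.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Leading bytes expected for a few common extensions (well-known file signatures).
MAGIC = {
    ".pdf": (b"%PDF-",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".zip": (b"PK\x03\x04",),
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted or compressed data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(path, sample: int = 65536, threshold: float = 7.5) -> bool:
    """True when a known extension has the wrong header and high-entropy content."""
    ext = Path(path).suffix.lower()
    if ext not in MAGIC:
        return False  # no signature to compare against (e.g. plain text)
    with open(path, "rb") as fh:
        data = fh.read(sample)
    header_ok = any(data.startswith(sig) for sig in MAGIC[ext])
    return not header_ok and shannon_entropy(data) >= threshold

def scan(root) -> list[str]:
    """Return files under root whose content no longer matches their extension."""
    hits = []
    for p in Path(root).rglob("*"):
        try:
            if p.is_file() and looks_encrypted(p):
                hits.append(str(p))
        except OSError:
            continue  # unreadable file: skip it, do not abort the scan
    return sorted(hits)

def demo() -> list[str]:
    """Constructed sample: one intact PDF and one 'PDF' filled with random bytes."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "intact.pdf").write_bytes(b"%PDF-1.7\n" + b"constructed sample " * 200)
        Path(d, "scrambled.pdf").write_bytes(os.urandom(8192))  # stands in for ciphertext
        return [Path(p).name for p in scan(d)]
```

Run against a restored backup or a known-good copy first to see which legitimate files the threshold flags before trusting the results on a suspect machine.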

Q: What happens if a user tries to close AXLocker ransomware?

If a user tries to close AXLocker, an error message in the style of Windows XP pops up. This is likely a tactic to prevent users from easily terminating the ransomware.

Q: How does AXLocker ransomware spread?

AXLocker is typically spread through large archives, such as ZIP or RAR files. Attackers compress these files and send them to unsuspecting victims, often with a password for added security. Users should be cautious when receiving password-protected files from unfamiliar sources.

Q: What steps can users take to protect themselves from AXLocker ransomware?

Users should exercise caution when opening files sent via Discord, especially if they are large games or from unknown sources. Additionally, it is essential to maintain a backup of important data and utilize robust cybersecurity measures.

Summary & Key Takeaways

  • AXLocker ransomware deletes itself after infecting a computer, making it difficult to detect. It then displays a pirate skull and bones image as a warning.

  • Unlike other ransomware, AXLocker does not visually change files, making them appear normal even though they are encrypted.

  • The ransomware also steals Discord tokens, potentially giving attackers access to users' accounts.
