Has your photos, documents, excel sheets, audio files, videos got encrypted? Do you use Discord server ? Can you see that their file name got renamed and appended with .hog extension? Actually this is an indication that your PC has been targeted with a new ransomware named as Hog Ransomware that seeks victims to join its Discord server if they want their files to get decrypted. Yes a new ransomware is released in the wild that’s known to lock and encrypts victim’s files and force them to join their Discord server. This has been discovered by Malware Researchers of InfoSec. Hog Ransomware gets activated after its execution by hackers to check and find out specific Discord server whether it exists and once found it starts encrypting victims files and data.
As soon as hog ransomware starts encrypting files, it renames the file with .hog file extension and at the same time it extracts decryption program. Once the encryption process is accomplished, Hog Ransomware launches and imitates DECRYPT-MY-FILES.exe which is stored and located in Windows Startup Folder. Eventually victims will get a message via decryption tool that reads
“Your personal Files are encrypted by Hog Ransomware using AES-256 encryption. All the files are appended with “.hog” file extension has been appended. It further states that users should not attempt to remove and rename the files. Doing so will result is irreversible data loss.”
If victims want to decrypt their files they need to join our Discord Server. After they have joined they need to provide and enter their Discord account Token in the box given below as indicated in the image.
After that victims need to press on Decrypt Files option. Once the victims will join the Discord server their files will be processed and decrypted. Actually a Discord Token is required for the process to authenticate Discord’s API of the user. Since it will only be generated after victim has joined Discord Server. So if the results of checking turns out to be positive and token is authenticated the decryption tool will restore the locked files with the help of static private key found embedded in Hog Ransomware itself. So it does not demands any ransom fee and this is enough to indicate that Hog Ransomware is in its early stages of development phase. Although it can be worrisome development in future