Security researchers have warned of a new ransomware variant that not only encrypts the victim's files but also steals the locally stored Discord authentication token, enabling a Discord account takeover (ATO).
AXLocker
The new 'AXLocker' ransomware family encrypts victims' files and demands a ransom payment, and in the same run steals the Discord accounts of infected users.
Once triggered, the malware targets specific file extensions and skips certain folders. It encrypts the files with AES but does not append an extension or rename them, so encrypted files keep their original names and can only be recognised by their content, not by a directory listing. The ransom note demands payment in cryptocurrency and gives the victim 48 hours to comply.
When a user logs into Discord with their credentials, the platform sends back a user authentication token saved on the computer. This token can then be used to log in as the user or to issue API requests that retrieve information about the associated account.
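The token model described above is why a stealer does not need the victim's password: whatever the desktop client wrote to disk is enough. The script below is an added example (not code from the article or from Cyble's report) that shows how little stands between local file access and account access: it looks for token-shaped strings in the Discord client's LevelDB storage and recovers the account's numeric user ID from a classic token. The token regex, the claim that the first segment of a non-MFA token is base64(user ID), and the profile paths are assumptions based on publicly documented formats; the sample blob is constructed.

```python
import base64
import os
import re
import sys
from pathlib import Path
from typing import Iterator, List, Optional, Tuple

# Assumption: classic tokens are three dot-separated base64url segments,
# MFA tokens are "mfa." followed by 84 base64url characters. Segment lengths
# have varied over time, so the ranges are deliberately loose.
TOKEN_RE = re.compile(r"mfa\.[\w-]{84}|[\w-]{24,28}\.[\w-]{6}\.[\w-]{25,40}")

# Constructed sample of what a Local Storage .ldb/.log fragment looks like:
# binary framing around a JSON-quoted token. The user ID 123456789012345678
# is made up; its base64 form is the first segment.
SAMPLE_BLOB = (
    b'\x00\x01_https://discord.com\x00\x01token\x01"'
    b'MTIzNDU2Nzg5MDEyMzQ1Njc4.X4dZQw.ab12cd34ef56gh78ij90kl12mno"\x00'
    b'\xff\xfe"mfa.' + b"A" * 84 + b'"\x00'
)


def discord_leveldb_dirs() -> List[Path]:
    """Default Discord profile locations (assumption; Canary/PTB builds use other names)."""
    home = Path.home()
    candidates: List[Path] = []
    if sys.platform.startswith("win"):
        appdata = os.environ.get("APPDATA")
        if appdata:
            candidates.append(Path(appdata) / "discord" / "Local Storage" / "leveldb")
    elif sys.platform == "darwin":
        candidates.append(home / "Library" / "Application Support" / "discord"
                          / "Local Storage" / "leveldb")
    else:
        candidates.append(home / ".config" / "discord" / "Local Storage" / "leveldb")
    return [p for p in candidates if p.is_dir()]


def find_tokens(blob: bytes) -> List[str]:
    """Return distinct token-shaped strings found in a raw LevelDB blob."""
    text = blob.decode("utf-8", errors="ignore")  # drop binary framing, keep ASCII
    return sorted(set(TOKEN_RE.findall(text)))


def user_id_from_token(token: str) -> Optional[str]:
    """Decode the user ID carried in a classic token's first segment; None for MFA tokens."""
    if token.startswith("mfa."):
        return None
    first = token.split(".", 1)[0]
    padded = first + "=" * (-len(first) % 4)  # restore stripped base64 padding
    try:
        decoded = base64.urlsafe_b64decode(padded).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None
    return decoded if decoded.isdigit() else None


def scan_dirs(dirs: List[Path]) -> Iterator[Tuple[Path, str, Optional[str]]]:
    """Yield (file, token, user_id) for every token-shaped string in the profile."""
    for d in dirs:
        for f in sorted(d.glob("*")):
            if f.is_file() and f.suffix in (".ldb", ".log"):
                for tok in find_tokens(f.read_bytes()):
                    yield f, tok, user_id_from_token(tok)


if __name__ == "__main__":
    dirs = discord_leveldb_dirs()
    hits = list(scan_dirs(dirs))
    if not hits:
        print("no token-shaped strings found in", [str(d) for d in dirs] or "no Discord profile")
    for path, tok, uid in hits:
        # Never print the whole token: it is a credential.
        print(f"{path}: token for user {uid or '?'} ({tok[:8]}...)")
```

Run it on a workstation where Discord is installed to see exactly what a stealer with the same file permissions would get; if it finds a token, rotating it (logging out of all sessions or changing the password) is the only remediation, since the token, not the password, is what the attacker holds.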
The NFT and crypto community is used to cyberattacks and to criminals going after their digital belongings, but stealing Discord tokens in the same operation makes this ransomware attack considerably more potent: a hijacked account can be used to push the campaign further through the victim's servers and contacts.
Unfortunately, there is no easy solution for files that have already been encrypted. Documents, images, videos and even zip archives are targeted, and the ransom note states that the victim has only 48 hours to respond and instructs them to leave the computer on. No further details are given about what happens if the victim does not comply.
"Threat actors are increasingly attempting to maintain a low profile to avoid drawing the attention of law enforcement agencies," the researchers' report concluded.
AXLocker Indicators Of Compromise
The following indicators of compromise were published by Cyble. Note that file hashes identify only these specific samples; a rebuilt or repacked binary will not match, so treat them as a starting point for hunting rather than a complete signature.

| Indicator | Type | Description |
|---|---|---|
| ab2c19f4c79bc7a2527ab4df85c69559 | MD5 | AXLocker ransomware executable |
| 60a692c6eaf34a042717f54dbec4372848d7a3e3 | SHA-1 | AXLocker ransomware executable |
| d51297c4525a9ce3127500059de3596417d031916eb9a52b737a62fb159f61e0 | SHA-256 | AXLocker ransomware executable |
| 07563c3b4988c221314fdab4b0500d2f | MD5 | AXLocker ransomware executable |
| a5f53c9b0f7956790248607e4122db18ba2b8bd9 | SHA-1 | AXLocker ransomware executable |
| 0225a30270e5361e410453d4fb0501eb759612f6048ad43591b559d835720224 | SHA-256 | AXLocker ransomware executable |
| a18ac3bfb1be7773182e1367c53ec854 | MD5 | AXLocker ransomware executable |
| c3d5c1f5ece8f0cf498d4812f981116ad7667286 | SHA-1 | AXLocker ransomware executable |
| c8e3c547e22ae37f9eeb37a1efd28de2bae0bfae67ce3798da9592f8579d433c | SHA-256 | AXLocker ransomware executable |
| 9be47a6394a32e371869298cdf4bdd56 | MD5 | AXLocker ransomware executable |
| ca349c0ddd6cda3a53ada634c3c1e1d6f494da8a | SHA-1 | AXLocker ransomware executable |
| 9e95fcf79fac246ebb5ded254449126b7dd9ab7c26bc3238814eafb1b61ffd7a | SHA-256 | AXLocker ransomware executable |
| ad1c2d9a87ebc01fa187f2f44d9a977c | MD5 | AXLocker ransomware executable |
| 03d871509a7369f5622e9ba0e21a14a7e813536d | SHA-1 | AXLocker ransomware executable |
| d9793c24290599662adc4c9cba98a192207d9c5a18360f3a642bd9c07ef70d57 | SHA-256 | AXLocker ransomware executable |
| 346e7a626d27f9119b795c889881ed3d | MD5 | Octocrypt ransomware executable |
| ce25203215f689451a2abb52d24216aec153925a | SHA-1 | Octocrypt ransomware executable |
| 9a557b61005dded36d92a2f4dafdfe9da66506ed8e2af1c851db57d8914c4344 | SHA-256 | Octocrypt ransomware executable |
| 5a39a2c4f00c44e727c3a66e3d5948c2 | MD5 | Octocrypt ransomware executable |
| 07e7341b86ace9935c4f1062d41a94f3b31f9bf6 | SHA-1 | Octocrypt ransomware executable |
| 65ad38f05ec60cabdbac516d8b0e6447951a65ca698ca2046c50758c3fd0608b | SHA-256 | Octocrypt ransomware executable |
| 2afdbca6a8627803b377adc19ef1467d | MD5 | Octocrypt ransomware UPX-packed executable |
| 13a0ce1c3ac688c55ba3f7b57fb6c09ad0e70565 | SHA-1 | Octocrypt ransomware UPX-packed executable |
| e65e3dd30f250fb1d67edaa36bde0fda7ba3f2d36f4628f77dc9c4e766ee8b32 | SHA-256 | Octocrypt ransomware UPX-packed executable |
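To put the table to use, the script below is an added example (not part of the article or Cyble's tooling) that sweeps a directory tree, hashes each file once with all three algorithms, and reports anything whose digest appears in an IOC set. It ships with the SHA-256 values from the table above; the MD5 and SHA-1 values can be added to the same set if a feed only carries those. The root directory argument and the test file are assumptions for illustration.

```python
import hashlib
import sys
from pathlib import Path
from typing import Dict, Iterable, List, Tuple

# SHA-256 values copied from the IOC table above (five AXLocker and three Octocrypt samples).
IOC_SHA256 = {
    "d51297c4525a9ce3127500059de3596417d031916eb9a52b737a62fb159f61e0",
    "0225a30270e5361e410453d4fb0501eb759612f6048ad43591b559d835720224",
    "c8e3c547e22ae37f9eeb37a1efd28de2bae0bfae67ce3798da9592f8579d433c",
    "9e95fcf79fac246ebb5ded254449126b7dd9ab7c26bc3238814eafb1b61ffd7a",
    "d9793c24290599662adc4c9cba98a192207d9c5a18360f3a642bd9c07ef70d57",
    "9a557b61005dded36d92a2f4dafdfe9da66506ed8e2af1c851db57d8914c4344",
    "65ad38f05ec60cabdbac516d8b0e6447951a65ca698ca2046c50758c3fd0608b",
    "e65e3dd30f250fb1d67edaa36bde0fda7ba3f2d36f4628f77dc9c4e766ee8b32",
}


def hash_file(path: Path, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Compute MD5, SHA-1 and SHA-256 in a single pass so each file is read once."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def matched_iocs(digests: Dict[str, str], iocs: Iterable[str] = IOC_SHA256) -> List[str]:
    """Return the names of the algorithms whose digest appears in the IOC set."""
    wanted = {h.strip().lower() for h in iocs}  # feeds mix upper/lower case hex
    return [name for name, value in digests.items() if value in wanted]


def sweep(root: Path, iocs: Iterable[str] = IOC_SHA256) -> List[Tuple[Path, List[str]]]:
    """Walk the tree and return (path, matching algorithms) for every IOC hit."""
    hits: List[Tuple[Path, List[str]]] = []
    for p in root.rglob("*"):
        if not p.is_file() or p.is_symlink():
            continue  # skip directories, devices and links out of the tree
        try:
            digests = hash_file(p)
        except OSError:
            continue  # unreadable file (permissions, in-use); log this in production
        matches = matched_iocs(digests, iocs)
        if matches:
            hits.append((p, matches))
    return hits


if __name__ == "__main__":
    # Assumed usage: python ioc_sweep.py /path/to/scan (defaults to the current directory)
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(".")
    for path, algos in sweep(root):
        print(f"IOC HIT {path} ({', '.join(algos)})")
```

Hash matching is exact by nature: it catches these eight samples and nothing else, so pair the sweep with behavioural detections (Discord Local Storage reads by a non-Discord process, bulk in-place rewrites of user documents with no rename) for anything the actor recompiles.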