"New Ransomware Encrypts Files, Then Steals Your Discord Account"

In addition to encrypting victims' files and requesting a ransom payment, the new "AXLocker" ransomware family also steals infected users' Discord accounts. When a user logs in with their credentials, Discord sends back a user authentication token that is saved on the computer. This token can be used to log in as the user or to issue Application Programming Interface (API) requests that retrieve information about the associated account. Because these tokens allow threat actors to hijack accounts or use them for additional malicious attacks, threat actors often try to steal them. Since Non-Fungible Token (NFT) platforms and cryptocurrency groups have adopted Discord as their community platform of choice, threat actors may be able to conduct scams and steal money if they manage to get their hands on a moderator's token or that of another verified community member. A recent analysis of a sample of the new AXLocker ransomware by Cyble researchers revealed that it not only encrypts files but also steals the Discord tokens of its victims. When it is activated, the ransomware targets particular file extensions and excludes particular folders. Although this ransomware targets consumers rather than businesses, it could still pose a serious threat to sizable communities. Users who discover that AXLocker has encrypted files on their computer should change their Discord password, because doing so will invalidate the token that the ransomware has stolen. This article continues to discuss findings regarding the new AXLocker ransomware family.

Bleeping Computer reports "New Ransomware Encrypts Files, Then Steals Your Discord Account"

Submitted by Anonymous on