Hog ransomware encrypts its victims' data using the AES-256 algorithm and asks them to join the attackers' Discord server as a ransom payment. Once it has done its work, DECRYPT-MY-FILES.exe is executed to tell the user how to get their files back.
A Discord token allows the ransomware to authenticate to Discord's APIs as the user and check whether they have joined the server. If the victim has joined the server, or the server does not exist, the ransomware decrypts the victim's files using a static key embedded in the ransomware.
Hog may appear harmless in practice, since its victims can easily get their files back. This, however, raises questions about the real motives of these threat actors. It could be at an early experimentation phase, and it could be just the first example of a new wave of ransomware strains that ask for all kinds of weird things.
Hog Ransomware Signatures
Family: Ransom:MSIL/Hog.DA!MTB
MD5: bb90e0f1b311001afbda19c105c35557
SHA256: 209eeb95b61cb7114baa21b7599641e34e825a4887ad0466c2cf2ac3cb4c4695
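The following sweep is an added example, not code from the original page or from any vendor: it walks a directory tree and reports files whose SHA256 matches the sample above or whose name is DECRYPT-MY-FILES.exe. The function names and the demo directory layout are assumptions made for illustration; a name match is only a lead to investigate, and the hash identifies this one sample, not other builds.

```python
import hashlib
import os
import tempfile

# Indicators taken from this page.
HOG_SHA256 = {"209eeb95b61cb7114baa21b7599641e34e825a4887ad0466c2cf2ac3cb4c4695"}
HOG_NOTE_NAME = "decrypt-my-files.exe"  # compared case-insensitively (Windows paths)


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large files are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(root, known_hashes=HOG_SHA256):
    """Return sorted (path, reason) findings for every file under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == HOG_NOTE_NAME:
                findings.append((path, "ransom-note executable name"))
            try:
                digest = sha256_file(path)
            except OSError:
                continue  # unreadable or locked file: skip it, keep sweeping
            if digest in known_hashes:
                findings.append((path, "sha256 match"))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed demo: benign files in a temporary directory, no malware involved.
    with tempfile.TemporaryDirectory() as tmp:
        os.makedirs(os.path.join(tmp, "Desktop"))
        for rel in ("DECRYPT-MY-FILES.exe", "notes.txt"):
            with open(os.path.join(tmp, "Desktop", rel), "wb") as fh:
                fh.write(b"constructed benign content")
        for path, reason in sweep(tmp):
            print(reason, path)
```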