Hog Ransomware

The Hog Ransomware is a file-locking Trojan that encrypts media files so that they can't open. It generates a pop-up that recommends victims join the developer's Discord server to gain access to the decryption or unlocking service, which it also drops onto the computer. Windows users should keep backups on other devices to preserve their files and let appropriate security products remove the Hog Ransomware from infected PCs.

A Trojan that's not Going Whole Hog on Its Ransoms Exactly

File-locking Trojans tend to define themselves through the pursuit of profits, although there are exceptions, such as apparent cases of Trojans being decoys without any interest in gaining a ransom. An in-development threat that belongs to this category is leaving its developer's motive up in the air. While the Hog Ransomware's campaign isn't fully ready to see the light of day, its file-attacking feature is more than functional.

Malware experts pinpoint the Hog Ransomware as a Windows-based threat that uses typical data-encrypting attacks to stop files, such as Word DOCs or JPG pictures, from opening. As usual, it leaves a campaign-specific extension, 'hog,' in the names of files to identify them. However, there is a condition before it launches its attack: it requires the existence of a Discord server, which it checks before the encryption.
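As an added example (not part of the original write-up and not any vendor's code), the following Python detection logic correlates the two behaviours described above: a process that looks up Discord and then renames several files to the 'hog' extension. The event format, the Discord host names, the `.hog` suffix form, and the threshold and window values are all assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample telemetry (not from a real incident): time_s,pid,event,detail
SAMPLE_EVENTS = """\
100,4120,dns,discord.com
101,4120,rename,C:\\Users\\a\\Documents\\report.docx.hog
102,4120,rename,C:\\Users\\a\\Pictures\\cat.jpg.hog
103,4120,rename,C:\\Users\\a\\Pictures\\dog.jpg.hog
104,4120,rename,C:\\Users\\a\\Documents\\notes.docx.hog
200,5300,dns,discord.com
205,5300,rename,C:\\Users\\a\\Downloads\\clip.mp4
300,6100,rename,C:\\Users\\a\\farm\\pig.hog
"""

DISCORD_DOMAINS = ("discord.com", "discord.gg")  # assumption: the page names no hosts
HOG_SUFFIX = ".hog"   # assumption: the 'hog' extension is appended as a suffix
MIN_RENAMES = 3       # hypothetical threshold
WINDOW_S = 60         # hypothetical correlation window, in seconds


def find_hog_suspects(log_text):
    """Return sorted PIDs that contacted Discord and then renamed at least
    MIN_RENAMES files to *.hog within WINDOW_S seconds of the first lookup."""
    first_discord = {}                 # pid -> time of first Discord lookup
    hog_renames = defaultdict(list)    # pid -> times of renames to *.hog
    for ts, pid, event, detail in csv.reader(io.StringIO(log_text)):
        ts, pid, detail = int(ts), int(pid), detail.lower()
        if event == "dns" and any(
            detail == d or detail.endswith("." + d) for d in DISCORD_DOMAINS
        ):
            first_discord.setdefault(pid, ts)
        elif event == "rename" and detail.endswith(HOG_SUFFIX):
            hog_renames[pid].append(ts)
    suspects = []
    for pid, t0 in first_discord.items():
        # Only renames that follow the Discord check count toward the threshold.
        hits = [t for t in hog_renames[pid] if 0 <= t - t0 <= WINDOW_S]
        if len(hits) >= MIN_RENAMES:
            suspects.append(pid)
    return sorted(suspects)


if __name__ == "__main__":
    print(find_hog_suspects(SAMPLE_EVENTS))
```

Requiring both signals from the same process keeps ordinary Discord clients and unrelated files that happen to end in `.hog` from being flagged on their own.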

The Discord server also figures into the Hog Ransomware's dual-purpose ransom note and decryption or unlocking component. This executable file launches a pop-up that tells victims to visit the threat actor's server for the appropriate token to unlock the blocked media. In this instance, the token serves as a password, although, unusually, its acquisition is free.

Fortunately, malware experts can also confirm a fallback condition. It provides decryption for users who manage to lock their files but can't join the server and acquire the unique token before the server shuts down.

Maintaining Caution Around the Web's Wild Animals

The Hog Ransomware is as capable of harming data as other file-locker Trojans, even if its ransom and extortion aspects aren't complete. The abuse of Discord and similar free platforms for Trojan infrastructure isn't brand-new to these threats; our malware experts also point to the recent case of the Humble Ransomware or older examples like Turkey's Zeronine Ransomware. Offloading some of the work of server structural maintenance to innocent third parties means that threat actors can focus more attention on other aspects of their Black Hat projects.

In all probability, future releases of the Hog Ransomware into the wild will include a premium unlocking service instead of its current, free model. Users should always have appropriate backups on other systems, such as removable drives, to serve their data recovery needs. Local backups like the Restore Points are almost always subject to deletion.

Since it's not yet in live distribution, there's little telling what infection methods the Hog Ransomware's author might use. However, most PC security and anti-malware tools should block typical drive-by-downloads and remove the Hog Ransomware preemptively.

The Hog Ransomware ropes Discord, usually better known for facilitating gaming communications, into being a Trojan's assistant. The outcome of that tactic has yet to show itself but, almost invariably, will not be good for the owners of its encrypted media files.
