Discord accounts targeted by new AXLocker ransomware

Discord accounts are being stolen by the new AXLocker ransomware family, in addition to performing file encryption, reports BleepingComputer. Cyble researchers discovered that execution of AXLocker would promptly target particular file extensions while excluding key folders. After encrypting files using the AES algorithm, AXLocker proceeds to leverage a webhook URL to facilitate the delivery of victim ID, system details, browser-stored data, and Discord tokens to attackers' Discord channel, while the Discord token is being exfiltrated by scanning seven key directories. Victims of AXLocker will be given a pop-up with the ransom note that gives them a 48-hour deadline to communicate with attackers. However, no ransom amount is detailed in the note. The report noted the significant threat of AXLocker ransomware to large communities, which should prompt individuals whose computers have been encrypted by AXLocker to immediately replace their Discord passwords in an effort to prevent further account, data, and community compromise.