Hog ransomware encrypts its victims data using AES-256 algorithm and ask them to join there Discord Server as a ransom payment. Once its done its work, DECRYPT-MY-FILES.exe is executed to tell user about how to get there files back.
A Discord token allows the ransomware to authenticate to Discord's APIs as the user and check if they joined their server. If the victim has joined the server or the server does not exist, the ransomware will decrypt the victims files using a static key embedded in the ransomware.
Hog may appear harmless in practice, since its victims can easily get their files back, this, however raises questions on real motives of these threat actors. It could be at an early experimentation phase, and it could be just the first example of a new wave of ransomware strains that are asking for all kinds of weird things.
Hog Ransomware Signatures
Hog Ransomware Download