A new ransomware called ‘Hog’ encrypts users’ devices and only decrypts them if they join the developer’s Discord server. Ransomware uses a Discord token to authenticate to Discord’s APIs and check if the victim has joined the server or the server does not exist. If the victim joins the Discord server, the ransomware will decrypt the victims’ files using a static key embedded in the ransomware. While this appears to be an in-development, it does illustrate how threat actors are beginning to use Discord more often for malicious activities.
Source: https://www.bleepingcomputer.com/news/security/new-ransomware-only-decrypts-victims-who-join-their-discord-server/