DOGE-Trolling Ransomware Hackers Demand $1 Trillion In Chilling Attack
These DOGE ransowmare hackers demand a trillion dollar payment.
Update, April 25, 2025: This story, originally published April 23, has been updated with further details regarding the DOGE ransomware attack and information from a new FBI report about the FOG malware threat used following the latest trillion-dollar ransom note demand.
The same criminal group behind the DOGE Big Balls ransomware attack has just upped the ante. A newly updated ransom note sent to victims is now trolling Elon Musk and DOGE by demanding a ridiculous extortion fee of, and I trust you are sitting down, one trillion dollars from victims. This one has Dr Evil written all over it. Here's everything you need to know about the DOGE ransomware attackers, the FOG malware they have adapted, and the nature of that outrageous ransom note demand.
Although there is no doubt that ransomware threats should be taken very seriously, what with a massive surge in ransomware attacks this year, new password-cracking tools being employed to gain initial access, and some very concerning political moves by big names in the extortion-racket industry, not all the players take themselves as seriously it would seem. I certainly hope that's the case as far as the DOGE ransomware attackers and the newly updated ransom note left for victims is concerned.
The ransomware group behind the recent DOGE Big Balls threat, using a variant of existing malware known as FOG, and trying to pin responsibility for the attacks on a well-known member of the Department of Government Efficiency team, has just updated its ransom note. The original threat was already bad enough, using a ZIP file with a deceptive shortcut to execute a multi-stage PowerShell infection chain exploiting a known Windows vulnerability, CVE-2015-2291, to gain kernel-level access and privilege escalation. The attack also, it has to be said, employed the political commentary and conspiracy theory tactic within the ransomware scripts and code. These included such things as 'The CIA didn't kill Kennedy you idiot. Oswald is a very deranged person that felt ostracized by his own country.'
Now, as detailed in an April 21 security report by researchers Nathaniel Morales and Sarah Pearl Camiling at Trend Micro, the ransomware appears to have started trolling DOGE and Elon Musk mercilessly. In reference to the now-infamous Musk demand for federal workers to email DOGE what they had achieved, leaving them fearing for their jobs if they did not comply, the ransom note has been altered to read:
'Give me five bullet points on what you accomplished for work last week or you owe me a TRILLION dollars.'
In an April 23 FBI internet crime report, B. Chad Yarbrough, the FBI
operations director for criminal and cyber, confirmed that ransomware is 'the most pervasive threat to critical infrastructure' and played an increasingly important role in the $16.6 billion cost of cybercrime to individuals and organizations in the U.S. across 2024. Interestingly, the FBI report said that the FOG ransomware threat, a variant of which has been used in the DOGE Big Balls attacks, was the most reported of new ransomware attacks during 2024. The bureau's Internet Crime Complaint Center provides this information to field offices to help the FBI 'identify new ransomware variants, discover the enterprises the threat actors are targeting, and determine whether critical infrastructure is being targeted,' the FBI said.
'The most alarming thing about the FBI's IC3 report is that its numbers are just the tip of the formidable iceberg of organized cybercrime,' Dr Ilia Kolochenko, CEO at ImmuniWeb, said. Warning that a 'growing number' of U.S. organizations prefer to silently settle with ransomware groups that carry a strong reputation for keeping attacks and data confidential following payment, Kolochenko said that it's likely we will see this option continue to be taken. 'In all cases,' Kolochenko advised, 'the final decision to pay or not to pay should be brainstormed with cybercrime experts and lawyers having experience in such matters. Otherwise, you are running a sprint on thin ice.' In the case of the DOGE attacks, maybe less consideration is required when the demand is for a trillion dollars.
'The ransomware payload embedded in the samples has been verified as FOG ransomware,' the Trend Micro report warned, 'an active ransomware family targeting both individuals and organizations.'
'FOG ransomware is a relatively new ransomware family that enterprises must add to their watchlist,' Trend Micro said, adding that 'the impact of a successful ransomware attack could still potentially cost enterprises financial loss and operational disruption,' regardless of the DOGE references and the trolling nature of the ransom note itself.
The security researchers noted that the FOG ransomware itself has compromised some 100 victims in the first three months of the year, before the DOGE-trolling started, it would seem. In January, there were 18 victims, 53 in February and 29 in March.
Trend Micro said that the de-obfuscated script in the ransom note executed a PowerShell command which performs a multi-stage operation: retrieving a ransomware loader (cwiper.exe), ktool.exe and other PowerShell scripts. 'It also opens politically themed YouTube videos and includes written political commentary directly in the script,' the report stated, which adds to the trolling-element of the attack.
FOG also takes your security very seriously, at least as far as stopping defenders from analyzing the malware is concerned. 'We have observed that prior to dropping its payload,' the security researchers confirmed, 'the malware investigated checks various indicators, such as processor count, RAM, MAC address, registry, and tick count, to detect a sandbox.' If any of these security checks should fail, then FOG will exit the entire process.
As such, it's imperative that you do not think that just because the attackers might act like clowns, the threat itself isn't serious.
Indeed, the ransomware demand itself is all business. 'We are the ones who encrypted your data and also copied some of it to our internal resource,' the attackers state. They then advise the victim that the sooner they are contacted, the sooner they can get everything resolved, offering instructions on using a Tor browser to get the next steps.
The DOGE references are not the only trolling in the updated ransom note, there's also a 'Don't snitch now' warning. This could be in response to the ransomware informer platform that I have previously reported on. The humor — I guess that's what it is an attempt at — continues with a warning from the attackers that they have 'grabbed your trilatitude and trilongitude (the most accurate) coordinates of where you live,' in order to prove that they are lying. Not lying and not funny, but not to be ignored either.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Axios
38 minutes ago
- Axios
Proud Boys leaders pardoned by Trump sue over Jan. 6 convictions
Five leaders of the Proud Boys sued the federal government on Friday, alleging their constitutional rights were violated when they were prosecuted for their actions on Jan. 6, 2001. The big picture: The members of the right-wing extremist group, four of whom were convicted for engaging in seditious conspiracy, were among those pardoned in President Trump 's unprecedented act of clemency for defendants charged with participating in the Jan. 6 Capitol riot. They're seeking $100 million in restitution from the government. Zoom in: The federal civil rights suit, filed by Henry "Enrique" Tarrio, Ethan Nordean, Joseph Biggs, Zachary Rehl and Dominic Pezzola, also names individual FBI and DOJ employees. The Proud Boys members claim there was an "egregious and systemic abuse of the legal system and the United States Constitution to punish and oppress political allies of President Trump, by any and all means necessary, legal, or illegal." Between the lines: The Trump administration will now either have to defend the prosecutions against the men or pay damages from taxpayer funds to the extremist group. The DOJ did not immediately respond to Axios' request for comment. The FBI declined to comment on the pending litigation. Context: Prior to being pardoned, Tarrio was sentenced in 2023 to 22 years in prison after being found guilty of engaging in seditious conspiracy related to the Jan. 6 riot — the longest prison sentence handed down in the Jan. 6 cases. Biggs and Rehl were sentenced for seditious conspiracy and other charges in their Jan. 6 cases, with Biggs was sentenced to 17 years in prison and Rehl to 15 years in prison. Nordean was sentenced to 18 years in prison after also being found guilty of seditious conspiracy. Pezzola was sentenced to 10 years. While he was found not guilty of seditious conspiracy, he was convicted of of obstruction of an official proceeding, conspiracy to prevent Congress and federal law enforcement from their duties, and destruction of government property.
Yahoo
an hour ago
- Yahoo
Why Are Donald Trump and Elon Musk Fighting? A Timeline of Their Friendship and Explosive Fallout
Elon Musk publicly endorsed President Donald Trump during his 2024 presidential campaign After winning the election, Trump appointed Musk as part of his administration The Tesla CEO left the White House in late May 2025 after a disagreement over the president's recent spending plan, which sparked an online feud between themPresident Donald Trump and Elon Musk's friendship has gone south. During the 2024 presidential election season, Trump and Musk grew closer after the SpaceX founder publicly endorsed him and showed his support on the campaign trail. After Trump won the election, he brought Musk into the Oval Office to serve as co-lead of the Department of Government Efficiency (DOGE). On May 30, Musk left his role in the administration after a disagreement over the president's spending plan, otherwise known as the "Big, Beautiful Bill." In the days to follow, Trump and Musk began feuding online on June 5, exchanging a series of insults on social media. In one of his jabs made on X, Musk claimed that "Trump would have lost the election" without him. That day, Trump was asked about Musk's online comments during an Oval Office press conference, to which he admitted that their friendship had soured. "Elon and I had a great relationship. I don't know if we will anymore," he said, adding that he is "very disappointed" in Musk. From supporting each other to exchanging a war of words online, here's a timeline of Donald Trump and Elon Musk's friendship-turned-feud. On July 13, 2024, Trump was injured after a bullet grazed his ear during an assassination attempt at one of his campaign rallies in Pennsylvania. That evening, Musk shared a video of Trump in the moments after the incident on X, writing, "I fully endorse President Trump and hope for his rapid recovery." In mid-August 2024, Trump and Musk engaged in a friendly conversation over a livestream on X, in which they discussed immigration, the economy, and then-President Joe Biden and then-Vice President Kamala Harris, per The New York Times. During the two-hour conversation, Trump congratulated Musk, seemingly on his 2022 acquisition of the platform formerly known as Twitter, per the outlet. Days later, Musk wrote on X that he was "willing to serve," posting a photo of himself as a representative of the Department of Government Efficiency (DOGE). On Oct. 5, 2024, Trump returned to the site of the July assassination attempt, with his ally Musk there in full support. According to the Associated Press, the billionaire wore a black cap with the "Make America Great Again" slogan of Trump's campaign, and called himself "Dark MAGA" in his remarks. On Nov. 6, 2024, after being called the projected winner of the election, Trump gave a speech from his watch party and gave Musk a special shout-out. "Let me tell you, we have a new star. A star is born, Elon," Trump said, adding that Musk is an "amazing guy." Later in the speech, Trump added, "He's a character, he's a special guy, he's a Super Genius." A few days after winning the presidential election, Trump announced that the "Great Elon Musk" had been appointed to co-lead DOGE alongside former GOP presidential candidate Vivek Ramaswamy. "Together, these two wonderful Americans will pave the way for my Administration to dismantle Government Bureaucracy, slash excess regulations, cut wasteful expenditures, and restructure Federal Agencies - Essential to the "Save America" Movement," Trump said in a statement at the time. He added, "I look forward to Elon and Vivek making changes to the Federal Bureaucracy with an eye on efficiency and, at the same time, making life better for all Americans. ... I am confident they will succeed!" Ramaswamy left the role in January 2025 to pursue a gubernatorial campaign in Ohio, leaving Musk as the sole leader of DOGE. On Nov. 19, 2024, Trump attended a SpaceX "Starship" rocket launch in Texas alongside the SpaceX CEO. "I'm heading to the Great State of Texas to watch the launch of the largest object ever to be elevated, not only to Space, but simply by lifting off the ground," Trump wrote on Truth Social at the time. "Good luck to Elon Musk and the Great Patriots involved in this incredible project!" On Jan. 20, 2025, Musk attended Trump's inauguration in Washington, D.C., — and delivered a controversial speech at one of the events. "It is thanks to you that the future of civilization is assured," Musk said before delivering a one-armed salute that many believed resembled a Nazi-style gesture. Musk responded to the backlash the following month during an appearance on The Joe Rogan Experience. 'I did not see it coming,' he said, putting "not" and "see" together to sound like 'Nazi." In early March, Trump turned part of the White House's lawn into a temporary Tesla showroom to support Musk's company amid its struggles, per NBC News. Five Tesla vehicles were lined up on the driveway for Trump to inspect and show off, prompting him to call them 'beautiful' and claim he'd buy one himself. 'As soon as I saw it, I said, 'That is the coolest design,' ' Trump said of the Cybertruck model, per NBC News. After the showcase, Trump ultimately purchased a red Model S, valued at around $80,000. In an interview with CBS News in late May 2025, Musk said he was "disappointed" by Trump's signature tax and spending bill. "I was disappointed to see the massive spending bill, frankly, which increases the budget deficit, not just decreases it, and undermines the work that the DOGE team is doing," he explained. One day later, Musk announced that he was leaving the White House. "As my scheduled time as a Special Government Employee comes to an end, I would like to thank President @realDonaldTrump for the opportunity to reduce wasteful spending," he wrote on X. They met in the Oval Office for a final joint press conference on May 30, in which the billionaire wore a black "DOGE" cap and a shirt that read "The Dogefather." Shortly after parting ways with the White House, Musk continued to speak out about Trump's spending bill on X, writing that he couldn't "stand it anymore." "This massive, outrageous, pork-filled Congressional spending bill is a disgusting abomination," he wrote. "Shame on those who voted for it: you know you did wrong. You know it." The budget legislation passed the House of Representatives on May 22. According to the nonpartisan Congressional Budget Office, it funds tax cuts and increased military spending in part by slashing federal health and energy programs, while potentially adding an estimated $3.8 trillion to the national deficit. One day after Musk called Trump's bill an "abomination," their feud escalated online as they continued to insult each other over social media in a series of posts. It began with Musk further criticizing the bill, leading him to resurface Trump's old posts from the 2010s, including one in which Trump said he was "embarrassed" to be a Republican in 2013 and several that expressed contrary viewpoints to the "Big Beautiful Bill." They then went back and forth for hours throughout the day, prompting Trump to threaten to cut billions in federal subsidies and tax cuts for Musk's companies in a post on Truth Social. 'The easiest way to save money in our Budget, Billions and Billions of Dollars, is to terminate Elon's Governmental Subsidies and Contracts,' he wrote, per The New York Times. 'I was always surprised that Biden didn't do it!' Musk continued to make explosive comments, writing on X, "Time to drop the really big bomb: @realDonaldTrump is in the Epstein files. That is the real reason they have not been made public. Have a nice day, DJT!" He followed up in another post, "The truth will come out." Trump had been previously linked to disgraced financier and pedophile Jeffrey Epstein, after his name was mentioned seven times in flight logs released earlier in 2025. Later that day, White House press secretary Karoline Leavitt called Musk's claims an "unfortunate episode" in a statement to CNN. 'This is an unfortunate episode from Elon, who is unhappy with the One Big Beautiful Bill because it does not include the policies he wanted," Leavitt said. "The President is focused on passing this historic piece of legislation and making our country great again." On June 6, Trump told CNN that he is "not even thinking about Musk," adding that he "won't be speaking to him for a while." "He's got a problem," Trump said. "The poor guy's got a problem." A White House official then told The New York Times that Trump had decided to sell the red Tesla he acquired back in March, while ABC News reported that a White House official indicated Trump would either sell or give away the vehicle. Read the original article on People
Bloomberg
an hour ago
- Bloomberg
Tesla's Leader of Optimus Humanoid Robot Program Leaves Company
The leader of Tesla Inc. 's Optimus program is leaving the company, according to a person familiar with the matter, injecting uncertainty into the humanoid robot effort that Chief Executive Officer Elon Musk sees as a significant part of the future business. Milan Kovac, the head of engineering for Optimus, informed colleagues on Friday that he is departing effective immediately, said the person, who asked not to be identified discussing private information. Ashok Elluswamy, who leads Tesla's autopilot teams, will take over responsibility for Optimus, the person said.
