Ransomware Gang Takes Page From Elon's 'What Did You Do This Week' DOGE Emails
PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.
A ransomware gang is channeling Elon Musk's Department of Government Efficiency by taunting victims with ransom notes that demand to know what they've "accomplished for work" in the last week.
The FOG ransomware group has been distributing the DOGE-themed notes in recent weeks, according to malware samples that cybersecurity vendor Trend Micro discovered on the file-scanning service VirusTotal. 'We observed that these samples initially dropped a note containing key names related to the Department of Government Efficiency (DOGE),' Trend Micro says.
The ransom notes also allude to Edward Coristine, who uses the online alias 'Big Balls." He reportedly has a history with cybercriminal groups, but was still appointed to Musk's DOGE team. A separate cybersecurity firm, Cyble, spotted the same attack generating a pop-up on computers that says 'DOGE BIG BALLS RANSOMWARE.'
The FOG ransomware gang appears to be spreading its attack through phishing emails with an attachment titled "Pay Adjustment.zip." If opened, the attachment will download and execute a PowerShell script designed to load the ransomware loader in "cwiper.exe," along with other malicious programs.
"It also opens politically themed YouTube videos and includes written political commentary directly in the script,' Trend Micro notes. The attack is designed to gather data on the victim's PC before encrypting the files, and then leaving a ransom note, demanding the victim pay approximately $1,000 in the Monero cryptocurrency.
According to Cyble, the ransom note, titled RANSOMNOTE.txt, introduces the threat actor as 'Edward Coristine,' and lists his purported home address and phone number. The note then echoes Elon Musk's recent emails to federal workers and demand that victims justify their productivity by listing their weekly accomplishments.
'Give me five bullet points on what you accomplished for work last week or you owe me a TRILLION dollars,' the ransom note from the FOG gang says.
'The use of Coristine's name and the 'DOGE' reference in the ransomware could be a tactic to malign him and the DOGE initiative,' Cyble adds.
In the ransom note, the FOG group also claims they'll decrypt the files for free, but only if the victim spreads the ransomware attack to another victim.
'FOG ransomware is a relatively new ransomware family that enterprises must add to their watchlist,' Trend Micro warns. The gang claims to have attacked over 100 victims, including organizations in the education, manufacturing, and transportation sectors, since January.
Meanwhile, the official "what did you do this week" emails from DOGE are reportedly a bust. The Washington Post reports that the Office of Personnel Management basically told HR officials across the government that the emails are voluntary and that the agency didn't plan to do anything with the emails that were submitted.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
2 hours ago
- Yahoo
How the Musk-Trump feud became an online battle like no other
What happens when the world's most powerful man and the world's richest man - both accomplished attention-seekers - clash on the internet? We're finding out in real time. This week, billionaire Elon Musk and President Donald Trump took to their respective social platforms to sling mud at the other after a fallout over federal spending. What started as a volley of barbs snowballed into a feud involving multiple social platforms and millions of onlookers, as everyone from big-name politicians to no-name meme accounts hurried to offer their takes and declare their allegiances. Subscribe to The Post Most newsletter for the most important and interesting stories from The Washington Post. The split could have profound real-world consequences, as both men show their willingness to leverage financial and political power to hit back at the other. It also illustrates how quickly a conflict can escalate when it is fanned by algorithmic feeds and the demands of the attention economy, which prizes outrage and relishes a high-profile feud. While Trump and Musk circle their wagons, drumming up support and smearing the other through posts on X and Truth Social, millions of smaller content creators stand to capitalize on the attention the feud generates. On Thursday afternoon, the number of active users on the X and Truth Social mobile apps both reached 90-day highs, according to preliminary estimates by Sensor Tower, a market intelligence firm. Between 2 and 6 p.m. Eastern time that day, the firm estimates that X usage was up 54 percent compared with the previous seven days, while Truth Social was up more than 400 percent, albeit from a much lower baseline. 'Public feuds like this drive social media engagement like crazy,' said Casey Fiesler, a professor of information science at the University of Colorado at Boulder who studies social media ethics. 'It's high-octane content because it's easy to meme and very algorithmically rewarded.' Musk, whose business empire includes X as well as Tesla, rocket company SpaceX and artificial intelligence start-up xAI, kicked off the fight on Tuesday when he posted on X to criticize a congressional spending bill backed by the president: 'This massive, outrageous, pork-filled Congressional spending bill is a disgusting abomination,' he wrote. The post was viewed more than 141 million times and sparked a flurry of commentary on X and elsewhere online. Gen Z internet personality Lil Tay, known for over-the-top posts flaunting luxury goods, got 2.8 million views on a reply clapping back at Musk for his former support of Trump, while far-right commentator Charlie Kirk referenced Musk's 'tweet heard around the world' in a post funneling viewers to Apple Podcasts to stream his talk show. Over the next two days, Musk continued to take shots at Trump on X, at one point posting a poll asking whether America needed a new centrist political party, while Trump told White House reporters that his and Musk's relationship was on the rocks. Then on Thursday, Musk escalated the back-and-forth by claiming in a post on X that Trump is implicated in the Epstein files, documents that allegedly contain the names of people who consorted with the late financier Jeffrey Epstein to sexually assault minors. The post exploded, drawing almost 200 million views in a day and stoking a second wave of content from politicians, creators and meme-makers. A post from an anonymous X user, liked by 192,300 people, mused: 'Who gets JD Vance in the divorce?' The vice president soon provided an answer, posting that Trump has 'earned the trust of the movement he leads.' On X, where Musk's changes to the platform's verification feature have blurred the lines between real public figures and paid subscribers, fake politicians joined the fray. 'Every time I smell a movement, I know you'll be next to it,' came a reply to Vance from an account for Rep. Jack Kimble - a fictitious congressman with more than 93,000 followers whose posts have often fooled social media users. Former Trump adviser Stephen K. Bannon seized the moment to make headlines with his podcast, in which he called for Trump to seize SpaceX and perhaps even deport Musk. Politics creators such as Philip DeFranco took to TikTok with beat-by-beat breakdowns of the feud, while Musk's estranged daughter Vivian Wilson posted to her Instagram stories a clip of herself laughing, with the caption, 'I love being proven right,' possibly in reference to past comments criticizing her father and Trump. In the Reddit community r/politics, self-styled sleuths conducted deep dives into Epstein-related court filings, at times linking to books and YouTube series that claim to investigate Epstein's celebrity accomplices. Far-fetched conspiracy theories floated around X as users speculated whether Trump and Musk could be secretly working together toward some noble end. Critics of Musk and Trump delighted in the affair. Rep. Alexandria Ocasio-Cortez (D-New York), who at 35 is a social media star in her own right, was stopped by a reporter outside the U.S. Capitol on Thursday and asked for her reaction to Trump and Musk's war of words. She was quick to spit an online catchphrase: 'Oh man, the girls are fighting, aren't they?' The clip spread quickly on TikTok, where it was boosted by left-leaning talking heads and news accounts. Academic research on online algorithms has shown that social feeds often prioritize content that elicits fear or rage. High-profile fights can boost the power and profiles of people involved, as with the infamous internet feuds between Kim Kardashian and Kanye West or influencers Trisha Paytas and Ethan Klein, said Fiesler. But trending conflicts are also a boon to the second-order creators, who jump to offer 'side takes,' playing off the argument of the day to drive traffic to their own products and profiles. A divisive court battle between actress Amber Heard and her ex-husband Johnny Depp, for instance, spawned its own media ecosystem, with creators and channels dedicated entirely to dissecting the feud - at times even falsifying or exaggerating information to keep viewers hooked. 'This [Musk-Trump feud] is half my TikTok feed right now,' Fiesler said. 'The more that people talk about it, the more people feel obligated to talk about it and take sides.' It's a dynamic the principals in this fight have long since mastered. Vance posted on X on Thursday a picture of himself with the popular podcaster and comedian Theo Von, with the tongue-in-cheek caption, 'Slow news day, what are we even going to talk about?' Musk reposted it, adding a 'laughter' emoji. Under Musk's ownership, X has lost advertisers and users turned off by his politics and lax approach to hate speech, with rivals such as Bluesky and Meta's Threads siphoning left-leaning users in particular. Now he risks alienating Trump loyalists. But in the meantime, even critics of his leadership of X acknowledged Thursday that it seemed to have 'the juice' - that is, it was driving the conversation - at least for the moment. 'A public blowup between the world's richest man and the president of the U.S. is hard for people to resist witnessing first-hand, even for those that may not regularly use X,' said Jasmine Enberg, vice president and principal analyst at eMarketer, a market research firm. 'That said, our media usage is so fragmented and we're being bombarded with the news from every channel that it's not likely to be significant or sustainable.' Truth Social, meanwhile, has become an increasingly important component of Trump's communication strategy, with the self-styled influencer-in-chief firing off a steady stream of posts - at times dozens a day - lauding his own actions or taking aim at rivals. White House employees and right-leaning creators then spread the posts to other platforms, broadening Truth Social's reach and influence even as the platform underperforms compared with X, Threads or Bluesky. (Sensor Tower estimates X has about 100 times more active users.) The Trump-Musk brouhaha exemplifies how online influencer culture has permeated politics, said Renée DiResta, a professor at Georgetown University's McCourt School of Public Policy and the author of 'Invisible Rulers.' 'Online beefing is not about winning - it's a kind of performance,' she said. The interactive nature of social media allows the audience to get in on the action. 'We pick sides, cheer for our champion and keep the fight going. We make memes - we can grab some attention for ourselves and help shape the fight if we make good ones.' But what might be harmless fun in the case of celebrity gossip, she said, has a darker side when the warring parties are among the world's most powerful people. In a striking example, a threat from Trump on Thursday to cancel government contracts with SpaceX prompted Musk to reply that the company 'will begin decommissioning its Dragon spacecraft immediately' - a move that would have severed NASA's only means of transporting astronauts to the International Space Station. A pseudonymous X user who had fewer than 100 followers at the time replied to Musk's post, urging him to 'take a step back' and reconsider. Within hours, Musk responded: 'Good advice. Ok, we won't decommission Dragon.' The online bedlam prompted sports commentator Darren Rovell to revisit a tweet he posted in 2016 that has since become a meme: 'I feel bad for our country. But this is tremendous content.' Related Content To save rhinos, conservationists are removing their horns Donald Trump and the art of the Oval Office confrontation Some advice from LGBTQ elders as WorldPride kicks off amid fears
Yahoo
4 hours ago
- Yahoo
Fact Check: Photo shows Cybertruck-like 1930 Russian 'Tarantaika'?
Claim: A photo authentically shows a 1930 Russian or Soviet "Tarantaika," also known as "Boneshaker." Rating: In late May and early June 2025, online users shared a rumor claiming a photo authentically showed a 1930 Russian or Soviet vehicle called "Tarantaika," or "Boneshaker." For example, users shared this rumor with the caption "1930 Russian/Soviet 'Tarantaika' (Boneshaker)" on Bluesky (archived), Facebook (archived), Instagram (archived) and X (archived). Some commenters under various posts mentioned the alleged vehicle's visible similarities to the Cybertruck, created by Tesla CEO Elon Musk's electric car company. (@ However, the picture did not show a Russian "Tarantaika" or "Boneshaker." A user created the image — a fake — with an artificial-intelligence (AI) tool. Snopes found no evidence that a Russian vehicle known by those names ever existed. In October 2024, Snopes examined the same fake image in another fact check, back when users captioned the photo as allegedly showing a "fully restored 1875 chuckwagon." We traced the roots of the picture to Facebook user Joshohoho, who told us he created the image with the generative-AI platform Midjourney. The user first posted the picture in the Crazed AI and Cursed AI groups on June 24, saying it showed a "Tesla Cybertruck Frontier Edition." They later reposted the image in the Midjourney Official group on June 28 with the caption, "Tesla Cybertruck: Oregon Trail edition." Searches of Bing, DuckDuckGo and Google failed to locate any information about a historic vehicle with the name "Tarantaika." A search for "Boneshaker" found a stock image of a "Bone-shaker" bicycle from France dating back to 1869, displayed at a March 2011 exhibition in Moscow, Russia, according to the Shutterstock image-licensing website. For further reading, a previous fact check examined a photo allegedly showing a crash involving two Tesla Cybertrucks. Anokhin, Nikita. "Moscow March 25 Bike Bone-Shaker France Stock Photo 74604073." Shutterstock, 25 Mar. 2011, DuckDuckGo - Protection. Privacy. Peace of Mind. Google. Liles, Jordan. "Photo Authentically Shows Fully Restored 1875 Chuckwagon?" Snopes, 30 Oct. 2024, Microsoft Bing. Yahoo | Mail, Weather, Search, Politics, News, Finance, Sports & Videos.
Business Insider
5 hours ago
- Business Insider
Tesla still holds many valuable apolitical cards, says Morgan Stanley
Morgan Stanley analyst Adam Jonas says that while the disagreement between Elon Musk and President Trump will help Tesla (TSLA) demand and could potentially 'alienate multiple sides of the political spectrum,' the company 'still holds so many valuable cards that are largely apolitical.' The longer-term vectors that drive the stock's value have not changed much, and include Tesla's artificial intelligence leadership, robotics, manufacturing, supply chain re-architecture, renewable power, and critical infrastructure, the analyst tells investors in a research note. Further, Morgan Stanley does not believe the phasing out of electric vehicle tax credits in the 'Big Beautiful Bill' is material to the long term outlook for Tesla. It reiterates an Overweight rating on the shares with a $410 price target Confident Investing Starts Here:
