
New DOGE-Trolling Attacks Confirmed — $1 Trillion Payment Demanded
New DOGE Big Balls ransomware attacks spotted.
Update, May 10, 2025: This story, originally published May 9, has been updated with further information regarding the newly confirmed DOGE Big Balls ransomware threat payloads as well as correcting a malformed link to the original threat research report.
Just as you were hoping the ransomware threat might have started to ebb, the bad news keeps flowing in: government warnings as hackers target passwords and 2FA codes for use in their extortion attacks, one ransomware campaign dropping zero-days, and researchers reporting a rampage of 5,365 ransomware attacks. There has been some good news, such as the notorious LockBit group being hacked and details of its crypto wallets being leaked. But the good news is in the minority, as this latest report confirms: the DOGE Big Balls ransomware attackers are back with a new payload, alongside that by now infamous Elon Musk-trolling $1 trillion ransom demand.
In case you missed it the first time around, the strange tale of the DOGE Big Balls ransomware attack is quite the oddball, even for the world of cybersecurity, where threats often border on the bizarre. It all started on April 15 when I reported how a ransomware group was weaving political conspiracy theory into malware code in an apparent attempt to throw cyber-defenders and law enforcement off the scent. That ransomware was given the name DOGE Big Balls because it referenced a software engineer and DOGE worker who goes by the online nickname Big Balls, and even included his home address and telephone number in the ransom note.
Fast forward to April 23, and things started getting even more outlandish as the ransomware attackers upped the ante by including a $1 trillion demand in the ransomware note. This appeared, once again, to be a direct DOGE-trolling exercise, aimed at Elon Musk as much as anyone. 'Give me five bullet points on what you accomplished for work last week, or you owe me a TRILLION dollars,' the note demanded.
It would be too easy to suggest you can't take this bunch of cybercriminals seriously, but that would be a mistake, as threat intelligence has just landed regarding another twist and turn in the DOGE ransomware campaign, including dangerous new payloads and tools being used in ongoing attacks.
The Netskope report describes new scripts and binaries, custom and open-source tools, and new ransomware payloads. In all, Netskope's Fróes detailed 14 payloads observed during the extensive investigation into the latest DOGE ransomware threat. The first was the aptly named payload.msi, a Microsoft software installer file suspected of arriving either by way of that old chestnut, the phishing email, or possibly through exploitation of an exposed vulnerable service. Whatever the initial infection vector, Fróes said, the file executed a malicious PowerShell script. Next up is wix.ps1 which, it was reported, delivers the real content by creating a Windows shortcut file in the Startup directory so that it is sure to execute once a user logs in. This is the EdgeAutoUpdaterTask, which, being created in the Startup folder, needs no user interaction and forces 'the download and execution of the stage1.ps1 script,' which is next in the payload queue. 'It creates a directory named 'hidden' under the Windows Startup folder and modifies its attributes to hide the directory,' Fróes explained, and it also attempts to disable Windows Defender protections. A number of further scripts were then downloaded, carrying various payloads, including one that bypasses the Antimalware Scan Interface (AMSI), a Windows standard designed to let anti-malware products integrate with applications and add further protection against attacks. Another collected useful information from the now-infected machine to send back to the attackers and looked for password hashes that could be reused. Domain controllers are targeted, new users are added on any Domain Admin machines found, and access to the infected computer is enabled.
'During our investigation,' Fróes said, 'we noticed that both the payloads and the URLs used to download the payloads were updated quite often.' The large number of payloads, and the alarming frequency with which they were updated, only reinforces, Fróes said, how 'complex and dangerous attacks involving this ransomware can be, using many different tools to cover phases like lateral movement, privilege escalation, credential dumping, and more.' So, regardless of the DOGE-trolling and the frankly ridiculous $1 trillion demand, take note when Fróes concludes the report by stressing the 'significant negative impact' a successful DOGE Big Balls ransomware attack can have on a business. At the end of the day, no matter how bizarre the attacker, ransomware is no joke.
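A defender-side check for the persistence pattern described above (a hidden subdirectory under the Windows Startup folder plus a shortcut that launches a PowerShell downloader), written here as an added example that is not code from the Netskope report or from this article. The folder name 'hidden' and the shortcut name EdgeAutoUpdaterTask come from the article; the list of suspicious argument fragments is my assumption.

```powershell
# Added example: hunt the Startup folders for a hidden subdirectory and for .lnk files
# that launch PowerShell with download-and-execute style arguments. Assumes the
# per-user and all-users Startup folders are the only persistence locations of interest.

$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # per-user Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)

# Argument fragments that commonly indicate a stager fetching a remote script (assumed list)
$suspiciousArgs = 'DownloadString|DownloadFile|Invoke-WebRequest|iwr |iex |Invoke-Expression|-enc|-ep bypass|-w hidden|-windowstyle hidden|\.ps1'

$shell = New-Object -ComObject WScript.Shell   # used to read .lnk target and arguments

$findings = foreach ($dir in $startupDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }

    # 1. Hidden subdirectories under Startup (the report describes one named 'hidden')
    Get-ChildItem -LiteralPath $dir -Directory -Force |
        Where-Object { ($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0 } |
        ForEach-Object {
            [pscustomobject]@{
                Type   = 'HiddenStartupDir'
                Path   = $_.FullName
                Detail = $_.Attributes.ToString()
            }
        }

    # 2. Shortcuts (including those inside subfolders) whose target is PowerShell
    #    or whose arguments look like a downloader, e.g. EdgeAutoUpdaterTask.lnk
    Get-ChildItem -LiteralPath $dir -Filter *.lnk -Recurse -Force -File | ForEach-Object {
        $lnk     = $shell.CreateShortcut($_.FullName)
        $target  = $lnk.TargetPath
        $lnkArgs = $lnk.Arguments
        $isPs    = $target -match 'powershell(\.exe)?$|pwsh(\.exe)?$'
        if ($isPs -or $lnkArgs -match $suspiciousArgs) {
            [pscustomobject]@{
                Type   = 'SuspiciousStartupLnk'
                Path   = $_.FullName
                Detail = "$target $lnkArgs"
            }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize } else { 'No suspicious Startup persistence found.' }
```

Run it in an elevated session so the all-users Startup folder is readable; any hit should be triaged alongside Defender tamper events rather than deleted blindly.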
