Latest news with #FOG


Forbes
25-04-2025
- Forbes
DOGE-Trolling Ransomware Hackers Demand $1 Trillion In Chilling Attack
These DOGE ransomware hackers demand a trillion dollar payment. Update, April 25, 2025: This story, originally published April 23, has been updated with further details regarding the DOGE ransomware attack and information from a new FBI report about the FOG malware threat used following the latest trillion-dollar ransom note demand. The same criminal group behind the DOGE Big Balls ransomware attack has just upped the ante. A newly updated ransom note sent to victims is now trolling Elon Musk and DOGE by demanding a ridiculous extortion fee of, and I trust you are sitting down, one trillion dollars from victims. This one has Dr Evil written all over it. Here's everything you need to know about the DOGE ransomware attackers, the FOG malware they have adapted, and the nature of that outrageous ransom note demand. Although there is no doubt that ransomware threats should be taken very seriously, what with a massive surge in ransomware attacks this year, new password-cracking tools being employed to gain initial access, and some very concerning political moves by big names in the extortion-racket industry, not all the players take themselves as seriously, it would seem. I certainly hope that's the case as far as the DOGE ransomware attackers and the newly updated ransom note left for victims is concerned. The ransomware group behind the recent DOGE Big Balls threat, using a variant of existing malware known as FOG, and trying to pin responsibility for the attacks on a well-known member of the Department of Government Efficiency team, has just updated its ransom note. The original threat was already bad enough, using a ZIP file with a deceptive shortcut to execute a multi-stage PowerShell infection chain exploiting a known Windows vulnerability, CVE-2015-2291, to gain kernel-level access and privilege escalation. The attack also, it has to be said, employed the political commentary and conspiracy theory tactic within the ransomware scripts and code. 
These included such things as 'The CIA didn't kill Kennedy you idiot. Oswald is a very deranged person that felt ostracized by his own country.' Now, as detailed in an April 21 security report by researchers Nathaniel Morales and Sarah Pearl Camiling at Trend Micro, the ransomware appears to have started trolling DOGE and Elon Musk mercilessly. In reference to the now-infamous Musk demand for federal workers to email DOGE what they had achieved, leaving them fearing for their jobs if they did not comply, the ransom note has been altered to read: 'Give me five bullet points on what you accomplished for work last week or you owe me a TRILLION dollars.' In an April 23 FBI internet crime report, B. Chad Yarbrough, the FBI operations director for criminal and cyber, confirmed that ransomware is 'the most pervasive threat to critical infrastructure' and played an increasingly important role in the $16.6 billion cost of cybercrime to individuals and organizations in the U.S. across 2024. Interestingly, the FBI report said that the FOG ransomware threat, a variant of which has been used in the DOGE Big Balls attacks, was the most reported of new ransomware attacks during 2024. The bureau's Internet Crime Complaint Center provides this information to field offices to help the FBI 'identify new ransomware variants, discover the enterprises the threat actors are targeting, and determine whether critical infrastructure is being targeted,' the FBI said. 'The most alarming thing about the FBI's IC3 report is that its numbers are just the tip of the formidable iceberg of organized cybercrime,' Dr Ilia Kolochenko, CEO at ImmuniWeb, said. Warning that a 'growing number' of U.S. organizations prefer to silently settle with ransomware groups that carry a strong reputation for keeping attacks and data confidential following payment, Kolochenko said that it's likely we will see this option continue to be taken. 
'In all cases,' Kolochenko advised, 'the final decision to pay or not to pay should be brainstormed with cybercrime experts and lawyers having experience in such matters. Otherwise, you are running a sprint on thin ice.' In the case of the DOGE attacks, maybe less consideration is required when the demand is for a trillion dollars. 'The ransomware payload embedded in the samples has been verified as FOG ransomware,' the Trend Micro report warned, 'an active ransomware family targeting both individuals and organizations.' 'FOG ransomware is a relatively new ransomware family that enterprises must add to their watchlist,' Trend Micro said, adding that 'the impact of a successful ransomware attack could still potentially cost enterprises financial loss and operational disruption,' regardless of the DOGE references and the trolling nature of the ransom note itself. The security researchers noted that the FOG ransomware itself has compromised some 100 victims in the first three months of the year, before the DOGE-trolling started, it would seem. In January, there were 18 victims, 53 in February and 29 in March. Trend Micro said that the de-obfuscated script in the ransom note executed a PowerShell command which performs a multi-stage operation: retrieving a ransomware loader ( and other PowerShell scripts. 'It also opens politically themed YouTube videos and includes written political commentary directly in the script,' the report stated, which adds to the trolling-element of the attack. FOG also takes your security very seriously, at least as far as stopping defenders from analyzing the malware is concerned. 'We have observed that prior to dropping its payload,' the security researchers confirmed, 'the malware investigated checks various indicators, such as processor count, RAM, MAC address, registry, and tick count, to detect a sandbox.' If any of these security checks should fail, then FOG will exit the entire process. 
As such, it's imperative that you do not think that just because the attackers might act like clowns, the threat itself isn't serious. Indeed, the ransomware demand itself is all business. 'We are the ones who encrypted your data and also copied some of it to our internal resource,' the attackers state. They then advise the victim that the sooner they are contacted, the sooner they can get everything resolved, offering instructions on using a Tor browser to get the next steps. The DOGE references are not the only trolling in the updated ransom note, there's also a 'Don't snitch now' warning. This could be in response to the ransomware informer platform that I have previously reported on. The humor — I guess that's what it is an attempt at — continues with a warning from the attackers that they have 'grabbed your trilatitude and trilongitude (the most accurate) coordinates of where you live,' in order to prove that they are lying. Not lying and not funny, but not to be ignored either.


Forbes
24-04-2025
- Business
- Forbes
DOGE-Trolling Ransomware Hackers Demand $1 Trillion
These DOGE ransomware hackers demand a trillion dollar payment. Update, April 24, 2025: This story, originally published April 23, has been updated with information from a new FBI ransomware report following the latest DOGE attackers' trillion-dollar ransom demand. The same criminal group behind the DOGE Big Balls ransomware attack has just upped the ante. A newly updated ransom note is now using Elon Musk and DOGE references with a demand for, are you sitting down, one trillion dollars from victims. Although there is no doubt that ransomware threats should be taken very seriously, what with a massive surge in ransomware attacks this year, new password-cracking tools being employed to gain initial access, and some very concerning political moves by big names in the extortion-racket industry, not all the players take themselves seriously, it would seem. The ransomware group behind the recent DOGE Big Balls threat, using a variant of existing malware known as FOG, and trying to pin responsibility for the attacks on a well-known member of the Department of Government Efficiency team, has just updated its ransom note. As detailed in an April 21 security report by researchers Nathaniel Morales and Sarah Pearl Camiling at Trend Micro, the ransomware now appears to have started trolling DOGE and Elon Musk mercilessly. In reference to the now-infamous Musk demand for federal workers to email DOGE what they had achieved, leaving them fearing for their jobs if they did not comply, the ransom note has been altered to read: 'Give me five bullet points on what you accomplished for work last week or you owe me a TRILLION dollars.' In an April 23 FBI internet crime report, B. Chad Yarbrough, the FBI operations director for criminal and cyber, confirmed that ransomware is 'the most pervasive threat to critical infrastructure' and played an increasingly important role in the $16.6 billion cost of cybercrime to individuals and organizations in the U.S. across 2024. 
Interestingly, the FBI report said that the FOG ransomware threat, a variant of which has been used in the DOGE Big Balls attacks, was the most reported of new ransomware attacks during 2024. The bureau's Internet Crime Complaint Center provides this information to field offices to help the FBI 'identify new ransomware variants, discover the enterprises the threat actors are targeting, and determine whether critical infrastructure is being targeted,' the FBI said. 'The most alarming thing about the FBI's IC3 report is that its numbers are just the tip of the formidable iceberg of organized cybercrime,' Dr Ilia Kolochenko, CEO at ImmuniWeb, said. Warning that a 'growing number' of U.S. organizations prefer to silently settle with ransomware groups that carry a strong reputation for keeping attacks and data confidential following payment, Kolochenko said that it's likely we will see this option continue to be taken. 'In all cases,' Kolochenko advised, 'the final decision to pay or not to pay should be brainstormed with cybercrime experts and lawyers having experience in such matters. Otherwise, you are running a sprint on thin ice.' In the case of the DOGE attacks, maybe less consideration is required when the demand is for a trillion dollars. 'The ransomware payload embedded in the samples has been verified as FOG ransomware,' the Trend Micro report warned, 'an active ransomware family targeting both individuals and organizations.' As such, it's imperative that you do not think that just because the attackers might act like clowns, the threat itself isn't serious. Indeed, the ransomware demand itself is all business. 'We are the ones who encrypted your data and also copied some of it to our internal resource,' the attackers state. They then advise the victim that the sooner they are contacted, the sooner they can get everything resolved, offering instructions on using a Tor browser to get the next steps. 
The DOGE references are not the only trolling in the updated ransom note, there's also a 'Don't snitch now' warning. This could be in response to the ransomware informer platform that I have previously reported on. The humor — I guess that's what it is an attempt at — continues with a warning from the attackers that they have 'grabbed your trilatitude and trilongitude (the most accurate) coordinates of where you live,' in order to prove that they are lying. Not lying and not funny, but not to be ignored either. Report any such attacks to the FBI here.


Forbes
23-04-2025
- Business
- Forbes
DOGE Ransomware Hackers Demand $1 Trillion
These DOGE ransomware hackers demand a trillion dollar payment. The same criminal group behind the DOGE Big Balls ransomware attack has just upped the ante. A newly updated ransom note sent to victims is now trolling Elon Musk and DOGE with a demand for, are you sitting down, one trillion dollars. Although there is no doubt that ransomware threats should be taken very seriously, what with a massive surge in ransomware attacks this year, new password-cracking tools being employed to gain initial access, and some very concerning political moves by big names in the extortion-racket industry, not all the players take themselves seriously, it would seem. The ransomware group behind the recent DOGE Big Balls threat, using a variant of existing malware known as FOG, and trying to pin responsibility for the attacks on a well-known member of the Department of Government Efficiency team, has just updated their ransom note. As detailed in an April 21 security report by researchers Nathaniel Morales and Sarah Pearl Camiling at Trend Micro, the ransomware now appears to have started trolling DOGE and Elon Musk mercilessly. In reference to the now-infamous Musk demand for federal workers to email DOGE what they had achieved, leaving them fearing for their jobs if they did not comply, the ransom note has been altered to read: 'Give me five bullet points on what you accomplished for work last week or you owe me a TRILLION dollars.' 'The ransomware payload embedded in the samples has been verified as FOG ransomware,' the Trend Micro report warned, 'an active ransomware family targeting both individuals and organizations.' As such, it's imperative that you do not think that just because the attackers might act like clowns, the threat itself isn't serious. Indeed, the ransomware demand itself is all business to begin with. 'We are the ones who encrypted your data and also copied some of it to our internal resource,' the attackers state. 
They then advise the victim that the sooner they are contacted, the sooner they can get everything resolved, offering instructions on using a Tor browser to get the next steps. The DOGE references are not the only trolling in the updated ransom note, there's also a 'Don't snitch now' warning. This could be in response to the ransomware informer platform that I have previously reported on. The humor, and I guess that's what it is an attempt at, continues with a warning from the attackers that they have 'grabbed your trilatitude and trilongitude (the most accurate) coordinates of where you live,' in order to prove that they are lying. Not lying and not funny, but not to be ignored either. Report any such attacks to the FBI here.
Yahoo
22-04-2025
- Yahoo
Ransomware Gang Takes Page From Elon's 'What Did You Do This Week' DOGE Emails
A ransomware gang is channeling Elon Musk's Department of Government Efficiency by taunting victims with ransom notes that demand to know what they've "accomplished for work" in the last week. The FOG ransomware group has been distributing the DOGE-themed notes in recent weeks, according to malware samples that cybersecurity vendor Trend Micro discovered on the file-scanning service VirusTotal. 'We observed that these samples initially dropped a note containing key names related to the Department of Government Efficiency (DOGE),' Trend Micro says. The ransom notes also allude to Edward Coristine, who uses the online alias 'Big Balls.' He reportedly has a history with cybercriminal groups, but was still appointed to Musk's DOGE team. A separate cybersecurity firm, Cyble, spotted the same attack generating a pop-up on computers that says 'DOGE BIG BALLS RANSOMWARE.' The FOG ransomware gang appears to be spreading its attack through phishing emails with an attachment titled "Pay If opened, the attachment will download and execute a PowerShell script designed to load the ransomware loader in " along with other malicious programs. 'It also opens politically themed YouTube videos and includes written political commentary directly in the script,' Trend Micro notes. The attack is designed to gather data on the victim's PC before encrypting the files, and then leaving a ransom note, demanding the victim pay approximately $1,000 in the Monero cryptocurrency. According to Cyble, the ransom note, titled introduces the threat actor as 'Edward Coristine,' and lists his purported home address and phone number. The note then echoes Elon Musk's recent emails to federal workers and demands that victims justify their productivity by listing their weekly accomplishments. 
'Give me five bullet points on what you accomplished for work last week or you owe me a TRILLION dollars,' the ransom note from the FOG gang says. 'The use of Coristine's name and the 'DOGE' reference in the ransomware could be a tactic to malign him and the DOGE initiative,' Cyble adds. In the ransom note, the FOG group also claims they'll decrypt the files for free, but only if the victim spreads the ransomware attack to another victim. 'FOG ransomware is a relatively new ransomware family that enterprises must add to their watchlist,' Trend Micro warns. The gang claims to have attacked over 100 victims, including organizations in the education, manufacturing, and transportation sectors, since January. Meanwhile, the official "what did you do this week" emails from DOGE are reportedly a bust. The Washington Post reports that the Office of Personnel Management basically told HR officials across the government that the emails are voluntary and that the agency didn't plan to do anything with the emails that were submitted.
Yahoo
28-02-2025
- Entertainment
- Yahoo
Jackson official, LGBTQ group respond to Supreme Court denial of TN drag law case
On Monday, the U.S. Supreme Court declined a petition to hear a case concerning Tennessee's Adult Entertainment Act, upholding its constitutionality. Passed in 2023, House Bill 9 makes it an offense to host "adult-oriented entertainment," like cabaret performances and drag shows, in public spaces where minors could potentially view them. Supporters of the legislation say it ensures the protection of children from sexually explicit performances, while opponents, such as in the case of Friends of George's v. Mulroy, argue it violates free speech. Per Monday's decision, the case will not be heard by the Supreme Court. FOG filed an injunction on Mar. 27, 2023, shortly after Gov. Bill Lee signed HB9 into law, pushing back on the constitutionality of the legislation's encroachment on free speech. FOG, an LGBTQ+ theatre company in Memphis, has featured "drag-centric" entertainment since 2011. The troupe also works to raise money for organizations and charities that support the LGBTQ+ community. A district court ruled in favor of FOG and prohibited the legislation from being enforced in Shelby County. The case, which names Shelby County District Attorney Steven Mulroy as the respondent, was taken to the U.S. Court of Appeals for the Sixth Circuit where it was dismissed on July 18, 2024. On Dec. 19, 2024, Mulroy filed a petition for the Supreme Court to review the lower court's decision. That petition was denied on Monday and upholds Tennessee's HB9. In response to the Supreme Court's decision, the theatre company posted on its website that "this ruling does not define us." 
"Friends of George's Theatre Company will continue exercising our First Amendment right to bring joyful, LGBTQ+ inclusive art into our community while raising thousands for charities that uphold dignity and respect for all," the post said. "We extend our deepest gratitude to our legal team for their valiant effort in representing us over the past two years. We are forever grateful for their advocacy, dedication and unwavering belief in our constitutional right to free expression." In 2022, Jackson was at the forefront of the conversation concerning the parameters of adult entertainment. Controversy concerning a drag show deemed "family friendly" was the diving board for the introduction of the legislation, sponsored by Rep. Chris Todd, R-Madison County. Todd, along with other local legislators, spearheaded the campaign to legally object to the drag show, scheduled to be hosted at the Carl Perkins Civic Center. Jackson Pride, a local grassroots group striving to promote inclusivity and support among the LGBTQ+ community, organized the event. Originally set to be held in Conger Park, the event was quickly contested by local pastor and legislator outrage, prompting its relocation to the Civic Center with an age requirement. The annual drag performance has since returned to the Civic Center with no pushback, drawing a large crowd, and is restricted to those above the age of 18. Following the Supreme Court decision, Todd shared the following statement on Wednesday. 'I'm grateful to the United States Supreme Court for allowing the Sixth Circuit's ruling to stand, a major victory for morality and basic protections for children,' Todd said. 'Tennessee will continue to be a passionate advocate for families by supporting parental rights and protecting the innocence of minors. I continue to be proud of our state and Attorney General Jonathan Skrmetti as we fight for common sense in our nation.' 
Though Jackson Pride declined to comment on the Supreme Court decision, a representative from the organization said "we don't host adult entertainment for minors." Sarah Best is a reporter for The Jackson Sun. This article originally appeared on Jackson Sun: Jackson official, Pride group react to Supreme Court drag case denial