Latest news with #Fog


Time of India
24-04-2025
DOGE-themed malware mocks Elon Musk, demands $1 trillion in ransom
A group of cybercriminals behind the Fog ransomware is hitting the headlines after issuing DOGE-themed ransom notes and demanding $1 trillion. In a bizarre twist, the note satirically referenced Elon Musk and the Department of Government Efficiency (DOGE). They asked the victims to provide bullet points of their workweek. This, seemingly, was a jab at Musk's infamous email to federal employees. While it looks humorous on the surface, the attacks are very real and dangerous. These attackers have used a variant of Fog ransomware, confirmed Trend Micro.

The attackers, according to the Forbes report, declared that they had encrypted the victims' data and copied some of it. They offered decryption services via a Tor browser. Reportedly, victims were warned not to 'snitch' and were told that their geolocation coordinates were also […].

As per the report, unlike earlier Fog campaigns, which relied on compromised VPN credentials, the latest wave employed phishing emails with a zip archive titled Pay […]. If opened, a malicious LNK file triggers a PowerShell script, which downloads the ransomware and related […]. […] quoted Trend Micro researchers stating that the script also included politically charged content. It can open YouTube videos and gather detailed system information. Victims, reportedly, were directed to pay the ransom via Monero. Some notes even offered free decryption if they forwarded the malware to someone else, highlighting the hackers' mocking […].

Trend Micro further observed that 173 ransomware incidents linked to Fog were recorded since June 2024. This mainly affected technology, manufacturing, education, and transport sectors. In February alone, 53 new victims fell prey to […]. […] report dated April 23, 2025, stated that ransomware is one of the most pervasive threats to critical infrastructure. Fog, the FBI said, was the most reported new ransomware variant in 2024. They said that it contributed to the $16.6 billion cost of cybercrime in the […].

[…] expert Dr Ilia Kolochenko reportedly warned organisations against quietly paying ransoms. He stressed that there is a need for legal and technical consultation before making decisions. He said that it would be like sprinting on thin ice. Trend Micro too advised organisations to bolster their defences with secure backups, regular patching, phishing awareness training, and network segmentation. They also released indicators of compromise to help identify Fog ransomware […].

Despite the taunting tone, the ransomware does exist and has been confirmed by security experts. The attacks lead to data encryption and, in most cases, data […]. Do not respond to the attackers. Report the attack to your local cybercrime agency or the FBI's Internet Crime Complaint Centre. Consult with cybersecurity experts.


Forbes
15-04-2025
DOGE Big Balls Ransomware Attack — What You Need To Know
A new ransomware threat called DOGE Big Balls uses political conspiracy theories as false flags.

Although current high-profile news events are more often used as bait in the realm of organized phishing crime to hook victims into clicking links, one cybercrime group has taken political conspiracy theory and woven it into ransomware code in an attempt to throw law enforcement off the scent. Welcome to the very strange world that is the DOGE Big Balls ransomware threat.

If you think the threat from ransomware attackers is all but over, then you are very wrong indeed. While the amount paid in ransoms is declining, the attacks themselves are not only surging but evolving fast. With new ransomware groups employing tools to brute force VPN and firewall passwords, old groups wanting to make friends with the FBI, and some even, I kid you not, moving the ransomware threat to snail mail, the danger is far from over.

An April 14 report from threat intelligence platform Cyble has detailed how one ransomware group is leveraging provocative political commentary, conspiracy theory, and even the name and address of a high-profile individual within the Department of Government Efficiency to manipulate, misattribute and draw attention while sowing the seeds of confusion. That ransomware threat is called DOGE Big Balls.

Although the ransomware payload itself is a highly customized version of an existing malware threat known as Fog, the threat actors behind the latest attacks have renamed their threat to DOGE Big Balls Ransomware, likely to attract media attention and stand out from the crowd. Mea culpa, it's working. It's relatively basic in attack methodology, leveraging a ZIP file with a deceptive shortcut that ultimately executes a multi-stage Windows PowerShell infection chain. A known vulnerability, CVE-2015-2291, is exploited to get the necessary kernel-level access to enable privilege escalation.

Where things get more unusual, however, is that the ransomware scripts include political commentary and conspiracy theory in the code. 'By introducing conspiracy-laced commentary in the code and ransom notes,' Cyble threat intelligence analysts said, 'the threat actor demonstrates a psychological play designed to unsettle and distract victims during critical moments of response.' These statements include the likes of 'The CIA didn't kill Kennedy you idiot. Oswald is a very deranged person that felt ostracized by his own country.'

The ransomware demand text itself references 19-year-old software engineer and DOGE worker Edward Coristine, known online as Big Balls, and about whom much has been written in the media regarding his alleged past. Not only do the attackers falsely claim that Coristine is the threat actor behind the ransomware attack, but they include his full home address and telephone number. 'The use of Coristine's name and the DOGE reference in the ransomware could be a tactic to malign him and the DOGE initiative,' Cyble said. I have reached out to DOGE for a statement.