DOGE-Trolling Ransomware Hackers Demand $1 Trillion In Chilling Attack
Update, April 25, 2025: This story, originally published April 23, has been updated with further details regarding the DOGE ransomware attack and information from a new FBI report about the FOG malware threat used following the latest trillion-dollar ransom note demand.
The same criminal group behind the DOGE Big Balls ransomware attack has just upped the ante. A newly updated ransom note sent to victims is now trolling Elon Musk and DOGE by demanding a ridiculous extortion fee of, and I trust you are sitting down, one trillion dollars from victims. This one has Dr Evil written all over it. Here's everything you need to know about the DOGE ransomware attackers, the FOG malware they have adapted, and the nature of that outrageous ransom note demand.
Although there is no doubt that ransomware threats should be taken very seriously, what with a massive surge in ransomware attacks this year, new password-cracking tools being employed to gain initial access, and some very concerning political moves by big names in the extortion-racket industry, not all the players take themselves as seriously it would seem. I certainly hope that's the case as far as the DOGE ransomware attackers and the newly updated ransom note left for victims is concerned.
The ransomware group behind the recent DOGE Big Balls threat, using a variant of existing malware known as FOG, and trying to pin responsibility for the attacks on a well-known member of the Department of Government Efficiency team, has just updated its ransom note. The original threat was already bad enough, using a ZIP file with a deceptive shortcut to execute a multi-stage PowerShell infection chain exploiting a known Windows vulnerability, CVE-2015-2291, to gain kernel-level access and privilege escalation. The attack also, it has to be said, employed the political commentary and conspiracy theory tactic within the ransomware scripts and code. These included such things as 'The CIA didn't kill Kennedy you idiot. Oswald is a very deranged person that felt ostracized by his own country.'
Now, as detailed in an April 21 security report by researchers Nathaniel Morales and Sarah Pearl Camiling at Trend Micro, the ransomware appears to have started trolling DOGE and Elon Musk mercilessly. In reference to the now-infamous Musk demand for federal workers to email DOGE what they had achieved, leaving them fearing for their jobs if they did not comply, the ransom note has been altered to read:
'Give me five bullet points on what you accomplished for work last week or you owe me a TRILLION dollars.'
In an April 23 FBI internet crime report, B. Chad Yarbrough, the FBI
operations director for criminal and cyber, confirmed that ransomware is 'the most pervasive threat to critical infrastructure' and played an increasingly important role in the $16.6 billion cost of cybercrime to individuals and organizations in the U.S. across 2024. Interestingly, the FBI report said that the FOG ransomware threat, a variant of which has been used in the DOGE Big Balls attacks, was the most reported of new ransomware attacks during 2024. The bureau's Internet Crime Complaint Center provides this information to field offices to help the FBI 'identify new ransomware variants, discover the enterprises the threat actors are targeting, and determine whether critical infrastructure is being targeted,' the FBI said.
'The most alarming thing about the FBI's IC3 report is that its numbers are just the tip of the formidable iceberg of organized cybercrime,' Dr Ilia Kolochenko, CEO at ImmuniWeb, said. Warning that a 'growing number' of U.S. organizations prefer to silently settle with ransomware groups that carry a strong reputation for keeping attacks and data confidential following payment, Kolochenko said that it's likely we will see this option continue to be taken. 'In all cases,' Kolochenko advised, 'the final decision to pay or not to pay should be brainstormed with cybercrime experts and lawyers having experience in such matters. Otherwise, you are running a sprint on thin ice.' In the case of the DOGE attacks, maybe less consideration is required when the demand is for a trillion dollars.
'The ransomware payload embedded in the samples has been verified as FOG ransomware,' the Trend Micro report warned, 'an active ransomware family targeting both individuals and organizations.'
'FOG ransomware is a relatively new ransomware family that enterprises must add to their watchlist,' Trend Micro said, adding that 'the impact of a successful ransomware attack could still potentially cost enterprises financial loss and operational disruption,' regardless of the DOGE references and the trolling nature of the ransom note itself.
The security researchers noted that the FOG ransomware itself has compromised some 100 victims in the first three months of the year, before the DOGE-trolling started, it would seem. In January, there were 18 victims, 53 in February and 29 in March.
Trend Micro said that the de-obfuscated script in the ransom note executed a PowerShell command which performs a multi-stage operation: retrieving a ransomware loader (cwiper.exe), ktool.exe and other PowerShell scripts. 'It also opens politically themed YouTube videos and includes written political commentary directly in the script,' the report stated, which adds to the trolling-element of the attack.
FOG also takes your security very seriously, at least as far as stopping defenders from analyzing the malware is concerned. 'We have observed that prior to dropping its payload,' the security researchers confirmed, 'the malware investigated checks various indicators, such as processor count, RAM, MAC address, registry, and tick count, to detect a sandbox.' If any of these security checks should fail, then FOG will exit the entire process.
As such, it's imperative that you do not think that just because the attackers might act like clowns, the threat itself isn't serious.
Indeed, the ransomware demand itself is all business. 'We are the ones who encrypted your data and also copied some of it to our internal resource,' the attackers state. They then advise the victim that the sooner they are contacted, the sooner they can get everything resolved, offering instructions on using a Tor browser to get the next steps.
The DOGE references are not the only trolling in the updated ransom note, there's also a 'Don't snitch now' warning. This could be in response to the ransomware informer platform that I have previously reported on. The humor — I guess that's what it is an attempt at — continues with a warning from the attackers that they have 'grabbed your trilatitude and trilongitude (the most accurate) coordinates of where you live,' in order to prove that they are lying. Not lying and not funny, but not to be ignored either.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Digital Trends
26 minutes ago
- Digital Trends
Explore Tesla's first-ever diner in this walk-through video
Tesla has just thrown open the doors of its brand new diner in Hollywood, California, a place that Tesla chief Elon Musk promised will be 'an island of good food, good vibes and entertainment, all while Supercharging.' As the restaurant and Supercharger facility welcomed its very first guests on Monday night, Tesla shared a video tour of the plush new diner on X. You can watch it below. Tesla Diner & Supercharger in Hollywood, LA Open 24/7, starting now — Tesla (@Tesla) July 21, 2025 The walk-through takes you around the stylish dining area and up to the rooftop where visitors can relax with a drink and even watch a film on one of the two large movie screens down in the parking lot. Recommended Videos You'll also glimpse a Tesla bot — also known as Optimus — Tesla's humanoid robot. However, rather than working at the bar or serving drinks, it's been placed inside a display cabinet. Clearly it's not quite ready for showtime. Before the opening, Musk shared a drone shot of the new diner. In an accompanying comment, he said that if this first Tesla Diner proves popular, the company will open more of them 'in major cities around the world as well as at Supercharger sites on long distance routes.'
Business Upturn
41 minutes ago
- Business Upturn
XRP breaks through resistance and price surges 90%, PBK Miner launches revolutionary XRP cloud mining, igniting the XRP market
By GlobeNewswire Published on July 22, 2025, 04:15 IST Los Angeles, California, July 21, 2025 (GLOBE NEWSWIRE) — XRP has had a great week, hitting an eye-popping $3.66 on Friday, a massive 90% increase from April levels. Now just a stone's throw away from XRP's legendary peak of $3.84 during the 2018 bull run, as enthusiasm in the cryptocurrency market soars, PBKMiner has officially launched a groundbreaking innovation: Ripple's XRP cloud mining contract – no hardware required, daily rewards, and fully remote access for users around the world. The upward trend continues as global financial institutions increasingly adopt Ripple's liquidity framework. As tokenized assets and stablecoins gradually become mainstream, XRP is more than just a cryptocurrency, it is gradually becoming the backbone of Ripple's plan to unlock more than $100 trillion in global liquidity. As a neutral digital bridge asset, XRP enables fast settlement between different currencies, assets and networks. 'The current XRP ecosystem has entered the fast lane. PBKMiner's goal is to help users seize this growth opportunity. Without hardware and maintenance, users can easily participate in mining and obtain daily income.' PBKMiner's operations director said, 'We see that short- and medium-term contracts are particularly popular among young users and novice investors because they have a low entry barrier, short cycle and fast returns.' XRP Cloud Mining Now Available—Easy, Smart, and ProfitableXRP has long been recognized for its role in cross-border payments and institutional financing, and now PBKMiner's latest innovation – user-friendly cloud mining, takes XRP to the next can mine XRP directly or take advantage of PBKMiner's intelligent AI engine, which automatically transfers mining power to the highest-yielding assets, including BTC, ETH, DOGE, USDC, and more. Earnings will be paid daily in the cryptocurrency of your choice, providing a reliable source of income regardless of market you are a novice or an experienced investor, with the PBKMiner AI cloud mining platform, you don't need to buy mining machines or professional skills, and everyone can easily participate in mining. In just three steps, you can start your journey of passive income from digital assets. Start earning income in just three easy steps: Register – Create an account and receive a $10 welcome bonus. Choose a plan – Select a short-term or long-term contract (1-55 days available). Start earning – Track your daily rewards and withdraw them in your preferred token. Why is PBKMiner's XRP mining so unique and leading?◆ XRP Integration: Activate mining contracts instantly with XRP.◆ Available to everyone: No technical skills, no hardware, no complex operations – just click to make money.◆ AI Intelligent Optimization: Artificial Intelligence mining strategies can bring stable returns in a variety of assets.◆ Built-in flexibility: Choose to mine XRP or diversify to other top cryptocurrencies – all with just one contract.◆ Global instant access: Start mining securely from anywhere in the world through a browser or app. ◆ Environmentally compliant operations: Mining operations use green energy and fully comply with UK and global standards Mining contract solutions to suit every budget and strategy:PBKMiner offers a variety of XRP-based cloud mining contracts designed for flexibility, predictable income, and effective risk management:$10 contract – 1 day – earn $0.6$100 contract – 2 days – earn $3.5 per day$500 contract – 5 days – earn $6.5 per day$5,000 contract – 30 days – earn $77.50 per day$30,000 contract – 50 days – earn $525.00 per dayWhether you are investing for the first time or building a long-term portfolio, PBKMiner offers transparent, low-risk contracts that bring a steady daily XRP data are not predictions, but real experiences of millions of users, thanks to PBKMiner's profit optimization based on artificial intelligence and result-centric mining model. Click here to explore all mining contracts. Key features of PBKMiner's XRP cloud mining contract:1. Focus on XRP ecosystem integration: Take advantage of XRP's fast settlement speed to seamlessly deposit, mine and withdraw XRP on the platform.2. Multi-currency mining support: Support earning XRP, BTC, ETH, DOGE, USDC, USDT, SOL, LTC and BCH, etc.3. AI-driven income optimization: Advanced proprietary algorithms optimize mining allocation to achieve maximum profitability and reduce costs.4. No hardware required: 100 remote access, cloud-based operations are fully accessible through the PBKMiner application or browser.5. Fund security protection: Daily automatic settlement, clear and traceable returns, all contracts return the full principal at maturity, minimize risks, and fully protect user assets. 6. Technology and service: An experienced team of experts and customer service staff are at your service 24/7. About PBKMiner As a leading digital asset management platform, since its establishment in 2019, PBKMiner has expanded its cloud mining business for XRP, BTC, ETH, LTC, DOGE and SOL in 183+ countries and regions, serving millions of active users around the world. Relying on a strong technical background and stable mining infrastructure, it makes cryptocurrency mining smarter, simpler and more inclusive, eliminating the technical barriers of traditional mining, and providing a transparent and low-risk stable mining income, especially for investors who seek sustainable long-term returns rather than speculative gains. For full details and participation options, please visit: Disclaimer: The information provided in this press release does not constitute an investment solicitation, nor does it constitute investment advice, financial advice, or a trading recommendation. Cryptocurrency mining and staking involve risks and may result in the loss of funds. It is strongly recommended that you perform due diligence before investing or trading in cryptocurrencies and securities, including consulting a professional financial advisor. Disclaimer: The above press release comes to you under an arrangement with GlobeNewswire. Business Upturn takes no editorial responsibility for the same. Ahmedabad Plane Crash GlobeNewswire provides press release distribution services globally, with substantial operations in North America and Europe.
Yahoo
42 minutes ago
- Yahoo
Elon Musk's Company Achieves Major Breakthrough
Elon Musk's Neuralink is continuing to make advancements, with the company achieving a first over the weekend. According to Neuralink, it has successfully implanted its brain-computer interface (BCI) in its eighth and ninth participants. In addition, Neuralink revealed that both implants were done on the same day, which had never been done before. "We successfully completed both P8 and P9 this weekend, our first time performing two surgeries in one day," Neuralink wrote. "Both participants are recovering well and in great spirits. We are looking forward to supporting them on their Neuralink journey." Neuralink has already helped paraplegics in clinical trials, with the BCI chip enabling them to control a computer and robot arms with their thoughts. The hope is that one day the device will help those same people walk again. But Musk also believes the implant will help those who are deaf or hard of hearing and others with dementia down the road. "Neuralink will do life-changing good for ultimately millions, maybe billions, of people," Musk predicted. "Imagine your loved one being able to walk again or your parent with dementia being able to recognize their child again." Completing two surgeries in one day is a big step for Neuralink, as now it'll be possible for the company to help more people in a shorter amount of time. Whether or not Neuralink's device will be able to do what Musk says remains to be seen, but it's moving in the right Musk's Company Achieves Major Breakthrough first appeared on Men's Journal on Jul 21, 2025
