DOGE-Trolling Ransomware Hackers Demand $1 Trillion

Forbes

24-04-2025

These DOGE ransowmare hackers demand a trillion dollar payment.
Update, April 24, 2025: This story, originally published April 23, has been updated with information from a new FBI ransomware report following the latest DOGE attackers' trillion-dollar ransom demand.
The same criminal group behind the DOGE Big Balls ransomware attack has just upped the ante. A newly updated ransom note is now using Elon Musk and DOGE references with a demand for, are you sitting down, one trillion dollars from victims.
Although there is no doubt that ransomware threats should be taken very seriously, what with a massive surge in ransomware attacks this year, new password-cracking tools being employed to gain initial access, and some very concerning political moves by big names in the extortion-racket industry, not all the players take themselves seriously it would seem.
The ransomware group behind the recent DOGE Big Balls threat, using a variant of existing malware known as FOG, and trying to pin responsibility for the attacks on a well-known member of the Department of Government Efficiency team, has just updated its ransom note. As detailed in an April 21 security report by researchers Nathaniel Morales and Sarah Pearl Camiling at Trend Micro, the ransomware now appears to have started trolling DOGE and Elon Musk mercilessly. In reference to the now-infamous Musk demand for federal workers to email DOGE what they had achieved, leaving them fearing for their jobs if they did not comply, the ransom note has been altered to read:
'Give me five bullet points on what you accomplished for work last week or you owe me a TRILLION dollars.'
In an April 23 FBI internet crime report, B. Chad Yarbrough, the FBI
operations director for criminal and cyber, confirmed that ransomware is 'the most pervasive threat to critical infrastructure' and played an increasingly important role in the $16.6 billion cost of cybercrime to individuals and organizations in the U.S. across 2024. Interestingly, the FBI report said that the FOG ransomware threat, a variant of which has been used in the DOGE Big Balls attacks, was the most reported of new ransomware attacks during 2024. The bureau's Internet Crime Complaint Center provides this information to field offices to help the FBI 'identify new ransomware variants, discover the enterprises the threat actors are targeting, and determine whether critical infrastructure is being targeted,' the FBI said.
'The most alarming thing about the FBI's IC3 report is that its numbers are just the tip of the formidable iceberg of organized cybercrime,' Dr Ilia Kolochenko, CEO at ImmuniWeb, said. Warning that a 'growing number' of U.S. organizations prefer to silently settle with ransomware groups that carry a strong reputation for keeping attacks and data confidential following payment, Kolochenko said that it's likely we will see this option continue to be taken. 'In all cases,' Kolochenko advised, 'the final decision to pay or not to pay should be brainstormed with cybercrime experts and lawyers having experience in such matters. Otherwise, you are running a sprint on thin ice.' In the case of the DOGE attacks, maybe less consideration is required when the demand is for a trillion dollars.
'The ransomware payload embedded in the samples has been verified as FOG ransomware,' the Trend Micro report warned, 'an active ransomware family targeting both individuals and organizations.' As such, it's imperative that you do not think that just because the attackers might act like clowns, the threat itself isn't serious.
Indeed, the ransomware demand itself is all business. 'We are the ones who encrypted your data and also copied some of it to our internal resource,' the attackers state. They then advise the victim that the sooner they are contacted, the sooner they can get everything resolved, offering instructions on using a Tor browser to get the next steps.
The DOGE references are not the only trolling in the updated ransom note, there's also a 'Don't snitch now' warning. This could be in response to the ransomware informer platform that I have previously reported on. The humor — I guess that's what it is an attempt at — continues with a warning from the attackers that they have 'grabbed your trilatitude and trilongitude (the most accurate) coordinates of where you live,' in order to prove that they are lying. Not lying and not funny, but not to be ignored either. Report any such attacks to the FBI here.