
DOGE-Trolling Ransomware Hackers Demand $1 Trillion
Update, April 24, 2025: This story, originally published April 23, has been updated with information from a new FBI ransomware report following the latest DOGE attackers' trillion-dollar ransom demand.
The same criminal group behind the DOGE Big Balls ransomware attack has just upped the ante. A newly updated ransom note is now using Elon Musk and DOGE references with a demand for, are you sitting down, one trillion dollars from victims.
Although there is no doubt that ransomware threats should be taken very seriously, what with a massive surge in ransomware attacks this year, new password-cracking tools being employed to gain initial access, and some very concerning political moves by big names in the extortion-racket industry, not all the players take themselves seriously it would seem.
The ransomware group behind the recent DOGE Big Balls threat, using a variant of existing malware known as FOG, and trying to pin responsibility for the attacks on a well-known member of the Department of Government Efficiency team, has just updated its ransom note. As detailed in an April 21 security report by researchers Nathaniel Morales and Sarah Pearl Camiling at Trend Micro, the ransomware now appears to have started trolling DOGE and Elon Musk mercilessly. In reference to the now-infamous Musk demand for federal workers to email DOGE what they had achieved, leaving them fearing for their jobs if they did not comply, the ransom note has been altered to read:
'Give me five bullet points on what you accomplished for work last week or you owe me a TRILLION dollars.'
In an April 23 FBI internet crime report, B. Chad Yarbrough, the FBI
operations director for criminal and cyber, confirmed that ransomware is 'the most pervasive threat to critical infrastructure' and played an increasingly important role in the $16.6 billion cost of cybercrime to individuals and organizations in the U.S. across 2024. Interestingly, the FBI report said that the FOG ransomware threat, a variant of which has been used in the DOGE Big Balls attacks, was the most reported of new ransomware attacks during 2024. The bureau's Internet Crime Complaint Center provides this information to field offices to help the FBI 'identify new ransomware variants, discover the enterprises the threat actors are targeting, and determine whether critical infrastructure is being targeted,' the FBI said.
'The most alarming thing about the FBI's IC3 report is that its numbers are just the tip of the formidable iceberg of organized cybercrime,' Dr Ilia Kolochenko, CEO at ImmuniWeb, said. Warning that a 'growing number' of U.S. organizations prefer to silently settle with ransomware groups that carry a strong reputation for keeping attacks and data confidential following payment, Kolochenko said that it's likely we will see this option continue to be taken. 'In all cases,' Kolochenko advised, 'the final decision to pay or not to pay should be brainstormed with cybercrime experts and lawyers having experience in such matters. Otherwise, you are running a sprint on thin ice.' In the case of the DOGE attacks, maybe less consideration is required when the demand is for a trillion dollars.
'The ransomware payload embedded in the samples has been verified as FOG ransomware,' the Trend Micro report warned, 'an active ransomware family targeting both individuals and organizations.' As such, it's imperative that you do not think that just because the attackers might act like clowns, the threat itself isn't serious.
Indeed, the ransomware demand itself is all business. 'We are the ones who encrypted your data and also copied some of it to our internal resource,' the attackers state. They then advise the victim that the sooner they are contacted, the sooner they can get everything resolved, offering instructions on using a Tor browser to get the next steps.
The DOGE references are not the only trolling in the updated ransom note, there's also a 'Don't snitch now' warning. This could be in response to the ransomware informer platform that I have previously reported on. The humor — I guess that's what it is an attempt at — continues with a warning from the attackers that they have 'grabbed your trilatitude and trilongitude (the most accurate) coordinates of where you live,' in order to prove that they are lying. Not lying and not funny, but not to be ignored either. Report any such attacks to the FBI here.

Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles

Wall Street Journal
15 minutes ago
- Wall Street Journal
Podcast: Trump Aides Find Most SpaceX Contracts Vital
The Trump administration determined it couldn't eliminate most of SpaceX's contracts with the federal government, because they are critical to the Defense Department and NASA. The early assessment underscored the dominance of Elon Musk's company as the pre-eminent rocket launcher, and a major satellite-internet provider. 🎧 Listen to our Tech News Briefing podcast.
Yahoo
39 minutes ago
- Yahoo
SpaceX aborts satellite launch 11 seconds before liftoff
When you buy through links on our articles, Future and its syndication partners may earn a commission. SpaceX aborted the launch of two communications satellites just before liftoff on Monday evening (July 21). A Falcon 9 rocket topped with two of SES' O3b mPOWER internet spacecraft was set to launch from Florida's Cape Canaveral Space Force Station at 5:27 p.m. EDT (2127 GMT) on Monday. But it didn't quite happen: SpaceX called an abort just 11 seconds before liftoff. The launch window extended for another 90 minutes or so, but the company soon decided to stand down for the day. "Standing down from today's launch of the @SES_Satellites O3b mPOWER mission and now targeting tomorrow, July 22 for liftoff. Vehicle and payload remain healthy," SpaceX said via X on Monday evening. At the time of this article's publication, the company had not yet explained what caused the abort. The two-hour launch window on Tuesday opens at 5:12 p.m. EDT (2112 GMT). SpaceX will stream the action live via its website and X account, beginning about 15 minutes before liftoff. Related Stories: — SpaceX launches 2 mPOWER satellites from Florida on 2nd leg of spaceflight doubleheader (video) — SpaceX: Facts about Elon Musk's private spaceflight company — 8 ways SpaceX has transformed spaceflight Luxembourg-based SES' mPOWER constellation consists of eight satellites in medium-Earth orbit, all of which have been launched by SpaceX. The network is already operational, but it's not complete; it will eventually feature 13 spacecraft. Solve the daily Crossword


Forbes
an hour ago
- Forbes
Cybertruck Regains Some Glory At Mobbed Tesla Diner Opening
Tesla Cybertruck had a big presence on Monday evening at the opening of the Tesla Diner. The Tesla Diner was mobbed Monday evening after opening to the general public. Cybertrucks were prominent. When I arrived at around 7:00 pm, Cybertrucks were out in force, charging in the front parking lot (see video below). Cybertruck sales have hit a rough patch in the last couple of quarters but you would never know that on Monday evening. The line of people snaked from the Diner down N. Orange Ave., which borders the a two-story, circular stainless steel structure on the east side. The queue on N. Orange was several hundred feet long (see photo below). In addition to the people waiting to eat, all of the 80 Superchargers were being used. With Teslas lining up to charge on N. Orange Ave. The lion's share of the 80 Superchargers are in the back lot. And that was also completely waiting to get in diner extended several hundred feet down N. Orange Ave Patrons lining up outside the diner. The line snaked back along N. Orange Ave Tesla Diner back lot was full.