
New DOGE-Trolling Attacks Confirmed — $1 Trillion Payment Demanded
Update, May 10, 2025: This story, originally published May 9, has been updated with further information regarding the newly confirmed DOGE Big Balls ransomware threat payloads as well as correcting a malformed link to the original threat research report.
Just as you were hoping the ransomware threat might have started to ebb, the bad news keeps flowing in: government warnings about hackers targeting passwords and 2FA codes for use in extortion attacks, one ransomware campaign dropping zero-days, and researchers reporting a rampage of 5,365 ransomware attacks. There has been some good news, such as the notorious LockBit group being hacked and details of its crypto wallets being leaked. But the good news is in the minority, as this latest report confirms: the DOGE Big Balls ransomware attackers are back with a new payload alongside that by now infamous Elon Musk-trolling $1 trillion ransom demand.
In case you missed it the first time around, the strange tale of the DOGE Big Balls ransomware attack is an oddball even for the world of cybersecurity, where threats often border on the bizarre. It all started on April 15, when I reported how a ransomware group was weaving political conspiracy theory into malware code in an apparent attempt to throw cyber-defenders and law enforcement off the scent. The ransomware was given the name DOGE Big Balls because it referenced a software engineer and DOGE worker who goes by the online nickname Big Balls, and even included his home address and telephone number in the ransomware note.
Fast forward to April 23, and things started getting even more outlandish as the ransomware attackers upped the ante by including a $1 trillion demand in the ransomware note. This appeared, once again, to be a direct DOGE-trolling exercise, aimed at Elon Musk as much as anyone. 'Give me five bullet points on what you accomplished for work last week, or you owe me a TRILLION dollars,' the note demanded.
It would be too easy to suggest you can't take this bunch of cybercriminals seriously, but that would be a mistake, as threat intelligence has just landed regarding another twist and turn in the DOGE ransomware campaign, including dangerous new payloads and tools being used in ongoing attacks.
The Netskope report describes new scripts and binaries, custom and open-source tools, and new ransomware payloads. In all, Fróes detailed a total of 14 payloads observed during the extensive investigation into the latest DOGE ransomware threat. The first was the aptly named payload.msi, a Microsoft software installer file suspected of arriving either by way of that old chestnut, the phishing email, or possibly through the exploitation of an exposed vulnerable service. Whatever the initial infection vector, Fróes said, the file executed a malicious PowerShell script.
Next up is wix.ps1 which, it was reported, executes the real content by creating a Windows shortcut file in the Startup directory, so as to be sure it will run once a user logs in. This also creates the EdgeAutoUpdaterTask, which needs no user interaction because it is placed in the Startup folder, and forces 'the download and execution of the stage1.ps1 script,' which is next in the payload queue. 'It creates a directory named 'hidden' under the Windows Startup folder and modifies its attributes to hide the directory,' Fróes explained, and attempts to disable Windows Defender protections.
A number of further scripts were then downloaded, with various payloads including one that bypasses the Anti-Malware Scan Interface (AMSI), a Windows standard designed to let applications integrate with anti-malware products for additional protection against attacks. Another collected useful information from the now-infected machine to send back to the attackers, and looked for password hashes that could be used. Domain controllers are targeted, new users are added to any Domain Admin machines found, and access to the infected computer is enabled.
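The persistence artefacts described above (a shortcut dropped into a Startup folder and a subdirectory there flagged Hidden) are simple to audit. The following PowerShell hunt script is an added example written for this page; it is not code from the Netskope report or from the malware itself. It assumes only the standard Windows Startup folder locations and the WScript.Shell COM object for resolving shortcut targets; the function name and output layout are this example's own choices, and the directory name 'hidden' and the name EdgeAutoUpdaterTask are the values quoted in the article.

```powershell
# Added example (not from the article or the Netskope report): enumerate the
# per-user and all-users Startup folders and report entries matching the
# persistence pattern described above. Run as an ordinary user to cover the
# current profile, or elevated to read the all-users folder reliably.

function Get-StartupPersistenceFindings {
    [CmdletBinding()]
    param()

    $startupFolders = @(
        [Environment]::GetFolderPath('Startup'),        # current user's Startup folder
        [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
    ) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

    # Names quoted in the article; a match is a hunt lead, not proof on its own.
    $knownNames = @('hidden', 'EdgeAutoUpdaterTask')

    $findings = @(foreach ($folder in $startupFolders) {
        # -Force is required: without it Get-ChildItem silently skips hidden entries,
        # which is exactly the attribute the malware sets on its directory.
        foreach ($item in Get-ChildItem -LiteralPath $folder -Force -ErrorAction SilentlyContinue) {
            $isHiddenDir = $item.PSIsContainer -and
                           (($item.Attributes -band [IO.FileAttributes]::Hidden) -ne 0)
            $isShortcut  = (-not $item.PSIsContainer) -and ($item.Extension -ieq '.lnk')
            $nameMatch   = $knownNames -contains $item.BaseName

            if ($isHiddenDir -or $isShortcut -or $nameMatch) {
                $target = $null
                if ($isShortcut) {
                    # Resolve what the shortcut actually launches; a PowerShell host
                    # with a script path in its arguments is the pattern to look for.
                    $shell  = New-Object -ComObject WScript.Shell
                    $lnk    = $shell.CreateShortcut($item.FullName)
                    $target = ($lnk.TargetPath + ' ' + $lnk.Arguments).Trim()
                }
                [pscustomobject]@{
                    Folder   = $folder
                    Name     = $item.Name
                    Kind     = if ($isHiddenDir) { 'HiddenDirectory' }
                               elseif ($isShortcut) { 'Shortcut' }
                               else { 'KnownName' }
                    Target   = $target
                    Modified = $item.LastWriteTimeUtc
                }
            }
        }
    })

    return $findings
}

# Usage: list findings; an empty result means nothing matched the pattern.
Get-StartupPersistenceFindings | Format-Table -AutoSize
```

Any shortcut in a Startup folder whose resolved target is powershell.exe or pwsh.exe with a script argument deserves a closer look, as does a hidden directory there; legitimate software rarely needs either. The script only reads and reports, so it is safe to run across a fleet as a first triage step before pulling the referenced scripts for analysis.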
'During our investigation,' Fróes said, 'we noticed that both the payloads and the URLs used to download the payloads were updated quite often.' The large number of payloads, and the alarming frequency with which they were updated, Fróes said, only reinforces how 'complex and dangerous attacks involving this ransomware can be, using many different tools to cover phases like lateral movement, privilege escalation, credential dumping, and more.' So, regardless of the DOGE-trolling and the frankly ridiculous $1 trillion demand, take note of how Fróes concluded the report: by stressing the 'significant negative impact' that a successful DOGE Big Balls ransomware attack can have on a business. At the end of the day, no matter how bizarre the attacker, ransomware is no joke.
