DOGE Ransomware Hackers Demand $1 Trillion
A new ransomware attack has emerged, targeting victims with a peculiar twist: it's demanding a staggering sum of one trillion dollars. The cybercriminals behind the DOGE Big Balls ransomware attack have updated their ransom note to include a dash of humor and trolling, leaving many wondering if they should take the threat seriously.
According to researchers at Trend Micro, the ransomware group is using a variant of existing malware known as FOG. The attackers are pinning responsibility for the attacks on a well-known member of the Department of Government Efficiency team, but it's unclear how much credibility this claim holds.
The Troll Factor
What sets this ransom note apart from others is its lighthearted and humorous tone. In reference to Elon Musk's infamous demand for federal workers to email DOGE what they had achieved, the attackers have now updated their ransom note to read: "Give me five bullet points on what you accomplished for work last week or you owe me a TRILLION dollars."
The attackers are also referencing Elon Musk's Twitter presence, with a warning that reads: "Don't snitch now." This could be in response to the ransomware informer platform that has been reported on previously.
A Growing Concern
According to an FBI internet crime report released earlier this week, ransomware is "the most pervasive threat" to critical infrastructure. FOG ransomware, a variant of which has been used in the DOGE Big Balls attacks, was the most reported of the new ransomware threats during 2024.
The bureau's Internet Crime Complaint Center provides information on this threat to field offices, helping the FBI identify new ransomware variants, discover enterprises targeted by threat actors, and determine whether critical infrastructure is being targeted.
A Growing Number of Victims
Dr. Ilia Kolochenko, CEO at ImmuniWeb, warns that a "growing number" of U.S. organizations prefer to silently settle with ransomware groups that carry a strong reputation for keeping attacks and data confidential following payment.
Kolochenko advises that the final decision on whether to pay should be worked through with cybercrime experts and lawyers experienced in such matters. "Otherwise, you are running a sprint on thin ice," he warns.
Don't Be Fooled
The ransomware payload embedded in the samples has been verified as FOG ransomware, an active ransomware family targeting both individuals and organizations. Victims should not assume that because the attackers act like clowns, the threat itself isn't serious.
"We are the ones who encrypted your data and also copied some of it to our internal resource," the attackers state. They then advise the victim that the sooner they are contacted, the sooner they can get everything resolved, offering instructions on using a Tor browser to get the next steps.
The DOGE references in the updated ransom note are not the only trolling in the message. There's also a warning from the attackers that they have "grabbed your trilatitude and trilongitude (the most accurate) coordinates of where you live," in order to prove that they are lying.
Report Any Such Attacks
According to the FBI, any victims of this ransomware attack should report their incident immediately. You can do so by visiting the Internet Crime Complaint Center website and filling out a complaint form.