DOGE-themed malware mocks Elon Musk, demands $1 trillion in ransom

A group of cybercriminals behind the Fog ransomware is hitting the headlines after issuing DOGE-themed ransom notes and demanding $1 trillion. In a bizarre twist, the note satirically referenced Elon Musk and the Department of Government Efficiency (DOGE). They asked the victims to provide bullet points of their workweek. This, seemingly, was a jab at Musk’s infamous email to federal workers.

Though it looks humorous on the surface, the attacks are very real and dangerous. These attackers have used a variant of Fog ransomware, confirmed Trend Micro.

The attackers, according to the Forbes report, declared that they encrypted their data and copied some of it. They offered decryption services via a Tor browser. Reportedly, victims were warned to not ‘snitch’ and were told that their geolocation coordinates were also captured.

Phishing emails deliver the latest variant

As per the report, unlike earlier Fog campaigns, which relied on compromised VPN credentials, the latest wave employed phishing emails with a zip archive titled Pay Adjustment.zip. If opened, a malicious LNK file triggers a PowerShell script, which downloads the ransomware and related tools.

It quoted Trend Micro researchers stating that the script also included politically charged content. It can open YouTube videos and gather detailed system information. Victims, reportedly, were directed to pay the ransom via Monero. Some notes even offered free decryption if they forwarded the malware to someone else, highlighting the hackers’ mocking tree.

Growing impact and warnings from authorities

Trend Micro further observed that 173 ransomware incidents linked to Fog were recorded since June 2024. This mainly affected technology, manufacturing, education, and transport sectors. In February alone, 53 new victims fell prey to their attack.

FBI’s report dated April 23, 2025, stated that ransomware is one of the most pervasive threats to critical infrastructure. Fog, the FBI said, was the most reported new ransomware variant in 2024. They said that it contributed to the $16.6 billion cost of cybercrime in the US.

Cybersecurity expert Dr Ilia Kolochenko reportedly warned the organisations against quietly paying ransoms. He stressed that there is a need for legal and technical consultation before making decisions. He said that it would be like sprinting on thin ice.

Trend Micro too advised the organisations to bolster their defences with secure backups, regular patching, phishing awareness training, and network segmentation. They also released indicators of compromise to help identify Fog ransomware activity.

FAQs

Q: Is the DOGE-themed ransomware note an actual threat?
Yes. Despite the taunting tone, the ransomware does exist and has been confirmed by security experts. The attacks lead to data encryption and, in most cases, data theft.


Q: What do I do if I get a DOGE Big Balls ransomware message?
Do not respond to the attackers. Report the attack to your local cybercrime agency or the FBI's Internet Crime Complaint Centre. Consult with cybersecurity experts.