
New DOGE Big Balls ransomware attacks spotted.
Just as you were hoping the ransomware threat might have started to ebb, the bad news keeps flowing in: government warnings as hackers target passwords and 2FA codes to use in their extortion attacks, one ransomware campaign dropping zero-days, and researchers indicating a 5,365 ransomware attack rampage. There has been some good news, such as the notorious LockBit group being hacked and details of their crypto wallets being leaked. But the good news is in the minority, as this latest report has confirmed: the DOGE Big Balls ransomware attackers are back with a new payload alongside that by-now infamous Elon Musk-trolling $1 trillion ransom demand.
The DOGE-Trolling Ransomware Attack Recap
In case you missed it the first time around, the strange tale of the DOGE Big Balls ransomware attack is quite the oddball, even for the world of cybersecurity, where threats often border on the bizarre. It all started on April 15 when I reported how a ransomware group was weaving political conspiracy theory into malware code in an apparent attempt to throw cyber-defenders and law enforcement off the scent. That ransomware was given the name DOGE Big Balls because it referenced a software engineer and DOGE worker who has the online nickname Big Balls, and even included his home address and telephone number in the ransomware note.
Fast forward to April 23, and things started getting even more outlandish as the ransomware attackers upped the ante by including a $1 trillion demand in the ransomware note. This appeared, once again, to be a direct DOGE-trolling exercise, aimed at Elon Musk as much as anyone. “Give me five bullet points on what you accomplished for work last week, or you owe me a TRILLION dollars,” the note demanded.
It would be too easy to suggest you can’t take this bunch of cybercriminals seriously, but that would be a mistake, as threat intelligence has just landed regarding another twist and turn in the DOGE ransomware campaign, including dangerous new payloads and tools being used in ongoing attacks.
New DOGE Ransomware Attack Arsenal Revealed
The Netskope report describes new scripts and binaries, as well as custom and open-source tools, and new ransomware payloads. “During our investigation,” Fróes said, “we noticed that both the payloads and the URLs used to download the payloads were updated quite often.” That there was a large number of payloads, and that these were updated at an alarming frequency, Fróes said, only goes to reinforce how “complex and dangerous attacks involving this ransomware can be, using many different tools to cover phases like lateral movement, privilege escalation, credential dumping, and more.” So, regardless of the DOGE-trolling and the frankly ridiculous $1 trillion demand, take note that Fróes concluded the report by stressing the “significant negative impact” that a successful DOGE Big Balls ransomware attack can have on a business. At the end of the day, no matter the bizarreness of the attacker, ransomware is no joke.