Cybersecurity researchers have uncovered a sophisticated ransomware campaign in which cybercriminals are distributing FOG ransomware while trolling victims by claiming ties to the Department of Government Efficiency (DOGE), a recent US government initiative. The campaign, identified through analysis of nine samples uploaded to VirusTotal between March 27 and April 2, 2025, shows a concerning evolution in ransomware tactics that blend political references with advanced technical capabilities. According to the analyzed samples, the attackers are either the original FOG ransomware operators using DOGE-related references as a trolling tactic, or potentially other cybercriminals embedding FOG ransomware into their binaries for impersonation purposes.

Trend Micro researchers identified that since January 2025, FOG ransomware has impacted approximately 100 victims, with February seeing the highest concentration at 53 cases. The group’s victims span multiple sectors including technology, education, manufacturing, transportation, business services, healthcare, retail, and consumer services, demonstrating the widespread threat this campaign poses.

The attackers distribute a ZIP file named “Pay Adjustment.zip” containing a malicious LNK file disguised as a PDF document, which, when clicked, initiates a complex infection chain leading to data encryption and ransom demands. Before executing its payload, the ransomware performs several anti-sandbox checks, examining processor count, RAM availability, MAC address, registry settings, and system tick count. The final payload drops a dbgLog.sys file to record encryption events and a readme.txt ransom note that contains communication instructions directing victims to a Tor hidden service.
The note mockingly references DOGE, demonstrating the attackers’ intention to leverage current political themes in their social engineering tactics.
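For defenders triaging attachments like the “Pay Adjustment.zip” archive described above, the following is an added example (not code from the report or the researchers) that flags ZIP members whose content is a Windows shortcut, whatever the file is named. The member name `Pay Adjustment.pdf.lnk`, the decoy extension list, and the sample archive are constructed for illustration; the report does not give the LNK file's name.

```python
import io
import zipfile

# Shell Link header per MS-SHLLINK: HeaderSize 0x4C, then LinkCLSID
# 00021401-0000-0000-C000-000000000046 in its on-disk byte order.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
DECOY_EXTS = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt")  # assumed list


def triage_zip(zip_bytes):
    """Map each suspicious member name to the reasons it was flagged."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.lower()
            reasons = []
            if info.flag_bits & 0x1:
                # Encrypted member: content cannot be read without the password.
                reasons.append("encrypted member, content not inspected")
            else:
                with zf.open(info) as fh:
                    head = fh.read(len(LNK_MAGIC))
                if head == LNK_MAGIC:
                    reasons.append("content is a Shell Link (LNK) file")
                    if not name.endswith(".lnk"):
                        reasons.append("LNK content under a non-.lnk name")
            if name.endswith(".lnk") and name[:-4].endswith(DECOY_EXTS):
                reasons.append("document-style double extension on a shortcut")
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample():
    """Constructed archive: one fake shortcut header, one benign text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Pay Adjustment.pdf.lnk", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("notes.txt", b"quarterly figures")
    return buf.getvalue()


if __name__ == "__main__":
    for member, why in triage_zip(build_sample()).items():
        print(member, "->", "; ".join(why))
```

Checking the header bytes rather than the name matters because Windows Explorer does not display the `.lnk` extension, so a shortcut with a document icon can pass for the document itself.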
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 21 Apr 2025 09:00:15 +0000