New FOG Ransomware Attack Mimic as DOGE Attacking Organization Via Weaponized Email

The campaign, identified through analysis of nine samples uploaded to VirusTotal between March 27 and April 2, 2025, shows a concerning evolution in ransomware tactics that blend political references with advanced technical capabilities. Cybersecurity researchers have uncovered a sophisticated ransomware campaign where cybercriminals are distributing FOG ransomware while trolling victims by claiming ties to the Department of Government Efficiency (DOGE), a recent US government initiative. According to the analyzed samples, the attackers either represent the original FOG ransomware operators using DOGE-related references as a trolling tactic, or potentially other cybercriminals embedding FOG ransomware into their binaries for impersonation purposes. The attackers distribute a ZIP file named “Pay Adjustment.zip” containing a malicious LNK file disguised as a PDF document, which when clicked, initiates a complex infection chain leading to data encryption and ransom demands. The final payload drops a dbgLog.sys file to record encryption events and a readme.txt ransom note that contains communication instructions directing victims to a Tor hidden service. The group’s victims span multiple sectors including technology, education, manufacturing, transportation, business services, healthcare, retail, and consumer services, demonstrating the widespread threat this campaign poses. Trend Micro researchers identified that since January 2025, FOG ransomware has impacted approximately 100 victims, with February seeing the highest concentration at 53 cases. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Before executing its payload, the ransomware performs several anti-sandbox checks, examining processor count, RAM availability, MAC address, registry settings, and system tick count. The note mockingly references DOGE, demonstrating the attackers’ intention to leverage current political themes in their social engineering tactics.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 21 Apr 2025 09:00:15 +0000


Cyber News related to New FOG Ransomware Attack Mimic as DOGE Attacking Organization Via Weaponized Email

Whistleblower: DOGE Siphoned NLRB Case Data – Krebs on Security - “Our acting chief information officer told us not to adhere to standard operating procedure with the DOGE account creation, and there was to be no logs or records made of the accounts created for DOGE employees, who required the highest level ...
1 month ago Krebsonsecurity.com
10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
3 months ago Cybersecuritynews.com
Roundtable: Is DOGE Flouting Cybersecurity for US Data? - So far, Musk and his Department of Government Efficiency (DOGE) have accessed the computer systems of the Department of Treasury, as well as classified data from the US Agency for International Development (USAID) and the Office of Personnel ...
4 months ago Darkreading.com
DOGE access to Social Security, IRS data could create privacy and security risks, experts say | The Record from Recorded Future News - Concerns about DOGE’s activities at the IRS are being amplified by the lack of transparency about what exactly is being accessed and why, especially since the executive order creating DOGE indicated the group would be attempting to modernize IT and ...
4 months ago Therecord.media
New FOG Ransomware Attack Mimic as DOGE Attacking Organization Via Weaponized Email - The campaign, identified through analysis of nine samples uploaded to VirusTotal between March 27 and April 2, 2025, shows a concerning evolution in ransomware tactics that blend political references with advanced technical capabilities. ...
2 months ago Cybersecuritynews.com
10 Best Ransomware File Decryptor Tools in 2025 - Kaspersky Rakhni Decryptor contains different decryption tools based on various versions of Rakhni ransomware and helps you decrypt encrypted files on your system. PyLocky Ransomware Decryption Tool is a free and open source developed and released by ...
2 months ago Cybersecuritynews.com
Elon Musk's DOGE Website Database Vulnerability Let Anyone Make Entries Directly - A website launched by Elon Musk’s Department of Government Efficiency (DOGE) has been found to have a significant security vulnerability, allowing unauthorized users to directly modify its content. Sam Curry, a coding expert, noted that the ...
4 months ago Cybersecuritynews.com
U.S DOGE Allegedly Hacked - Fed Whistleblower Leaked Most Disturbing Documents - A federal whistleblower “Daniel Berulis”, A senior DevSecOps architect has allegedly sent a affidavit document of a U.S DOGE significant data breach at the National Labor Relations Board (NLRB), claiming that personnel from the Department ...
2 months ago Cybersecuritynews.com
Who is the DOGE and X Technician Branden Spikes? – Krebs on Security - Branden Spikes California Russian Association Congress of Russian Americans Constellation of Humanity Cyberinc Department of Government Efficiency Diana Fishman Donald J. Prior to founding Spikes Security, Branden Spikes was married to a native ...
3 months ago Krebsonsecurity.com
New Limitations Placed on DOGE's Access to Private Social Security Information - A federal judge has issued a preliminary injunction that significantly limits the Department of Government Efficiency’s (DOGE) access to sensitive Social Security Administration (SSA) data. The decision comes amid heightened concerns over data ...
2 months ago Cybersecuritynews.com
DOGE to Fired CISA Staff: Email Us Your Personal Data – Krebs on Security - On Monday, The New York Times reported that U.S. Secret Service agents at the White House were briefly on alert last month when a trusted captain of Elon Musk’s “Department of Government Efficiency” (DOGE) visited the roof of the ...
3 months ago Krebsonsecurity.com
The 6 Best Email Security Software & Tools of 2024 - To guarantee full protection against email threats, important features to consider when picking an email security solution include email filtering and spam detection, sandboxing, mobile support, advanced machine learning, and data loss prevention. ...
8 months ago Esecurityplanet.com
10 Best Email Security Gateways in 2025 - Barracuda Email Security Gateway is a solution that helps protect organizations from email-borne threats such as spam, viruses, phishing, and other malicious content. It uses various methods, including filtering, encryption, and sandboxing, to ...
3 months ago Cybersecuritynews.com
xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs – Krebs on Security - An employee at Elon Musk’s artificial intelligence company xAI leaked a private key on GitHub that for the past two months could have allowed anyone to query private xAI large language models (LLMs) which appear to have been custom made for ...
1 month ago Krebsonsecurity.com
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
2 years ago Heimdalsecurity.com LockBit
Targeting homeowners' data - As these companies obtain a large amount of sensitive information from their customers, they become attractive targets for ransomware gangs to conduct double-extortion attacks. Finland is also warning of Akira ransomware increasingly targeting ...
1 year ago Bleepingcomputer.com LockBit Akira
New Mimic Ransomware Abuses Windows Search Tool to Attack Victims - A new ransomware threat has been discovered that abuses the Windows Search Tool to locate and encrypt sensitive data. Dubbed Mimic, the ransomware was identified by malware researchers at Force Point Security Defense. Mimic encrypts a victim’s ...
2 years ago Bleepingcomputer.com
The First 10 Days of a vCISO’S Journey with a New Client - Cyber Defense Magazine - During this period, the vCISO conducts a comprehensive assessment to identify vulnerabilities, engages with key stakeholders to align security efforts with business objectives, and develops a strategic roadmap to prioritize actions and resources. If ...
8 months ago Cyberdefensemagazine.com
The Week in Ransomware - Attacks on hospitals continued this week, with ransomware operations disrupting patient care as they force organization to respond to cyberattacks. While many, like LockBit, claim to have policies in place to avoid encryping hospitals, we continue to ...
1 year ago Bleepingcomputer.com LockBit Cactus
Best Ransomware Protection Practices for Midsize Organizations - Ransomware Protection has emerged as a crucial step in cybersecurity since ransomware attacks have become a major threat to businesses of all sizes, including midsize organizations. Ransomware attacks can be delivered via email attachments or links, ...
1 year ago Securityboulevard.com
Email Security Trends And Predictions in 2024 - One of the most critical aspects of this broad topic is email security. Email security refers to the collective measures used to secure the access and content of an email account or service. An email service provider implements email security to ...
1 year ago Cybersecuritynews.com
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
1 year ago Securityboulevard.com TA505 8base LockBit BianLian Medusa Noescape Black Basta
The Week in Ransomware - Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison. On Tuesday, the Australian, US, and UK governments announced sanctions against Aleksandr Gennadievich ...
1 year ago Bleepingcomputer.com LockBit BianLian Akira Cactus
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
1 year ago Feeds.fortinet.com 8base
Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
1 year ago Unit42.paloaltonetworks.com Medusa