FOG Ransomware Spread by Cybercriminals Claiming Ties to DOGE

April 21, 2025, 1:15 p.m.

Description

An investigation of nine malware samples revealed FOG ransomware being distributed by cybercriminals impersonating the Department of Government Efficiency (DOGE). The ransomware, spread via email and phishing attacks, is concealed in a ZIP file named 'Pay Adjustment.zip'. The infection chain is a multi-stage operation that downloads various scripts and executables. The ransomware checks for sandbox environments, decrypts its payload, and drops a ransom note. FOG ransomware has targeted multiple sectors, including technology, education, manufacturing, and transportation. The campaign involves either the original FOG operators using DOGE references to troll users, or other actors embedding FOG ransomware for impersonation purposes.

Date

  • Created: April 21, 2025, 12:43 p.m.
  • Published: April 21, 2025, 12:43 p.m.
  • Modified: April 21, 2025, 1:15 p.m.

Indicators


Attack Patterns

Additional Information

  • Consumer Services
  • Business Services
  • Retail
  • Technology
  • Healthcare
  • Transportation
  • Education
  • Manufacturing
  • United States of America