Elon Musk Fans Hit by Satirical PowerShell Ransomware
A newly uncovered ransomware campaign is targeting supporters of Elon Musk with a mix of technical sophistication and satirical messaging, according to researchers at KrakenLabs. Identified as a variant of the Fog ransomware family, the attack chain begins with phishing emails containing PDFs labeled “Pay Adjustment.” The PDFs lure victims to a Netlify-hosted ZIP file that deploys multi-stage PowerShell scripts.
The payload includes “cwiper.exe” for file encryption, “ktool.exe” for kernel-level access using a Bring Your Own Vulnerable Driver (BYOVD) tactic, and obfuscated scripts for reconnaissance. The campaign features a ransom note impersonating a figure linked to DOGE cryptocurrency and lists government emails as fake support contacts.
Adding to the mockery, the malware triggers a YouTube video ridiculing Musk supporters. Despite its comedic tone, the inclusion of a Monero wallet signals a financial motive, illustrating a trend in ransomware where ideological parody conceals criminal intent. The campaign reflects evolving threats blending humor, deception and technical prowess.
