If it redirects DNS then why wouldn’t it re-direct DNS away from the government website?
The men running this scam have been arrested, but many of the zombie computers are acting as DNS relays for the network they setup. No one is updating the DNS database any longer, so the new .org website isn’t in the catch list for them. As such, any one who has this should be able to go to this website without being re-directed.
Keep in mind, DNS is not all-inclusive. Corporations, governments, even the international registers can manipulate their DNS however they way. That’s all these scammers did. Once the malware was installed, all DNS was redirected to their servers by the malware, regardless of the DNS servers specified for the adapter.
It’s important to note this transcends operating system. This could be PC, Mac, or even Linux under the right conditions.