Interlock ransomware gang pushes fake IT tools in ClickFix attacks

Summary: The Interlock ransomware gang has adopted ClickFix attacks to infiltrate corporate networks, tricking victims into executing harmful PowerShell commands disguised as IT tools. The tactic worsens the malware threat landscape: once it has gained initial access, Interlock deploys file-encrypting malware. The operation has been linked to various payloads and increasingly sophisticated attack methods, including data exfiltration and legal threats in ransom notes.

Affected: Corporate networks and organizations using FreeBSD servers and Windows systems

Key points:

  • Interlock uses ClickFix attacks to impersonate IT tools and deploy file-encrypting malware.
  • Victims are tricked into executing PowerShell commands, which initiate malware installation and data exfiltration.
  • The tactic has been increasingly adopted by various threat actors, including other ransomware gangs and state-sponsored hackers.

Source: https://www.bleepingcomputer.com/news/security/interlock-ransomware-gang-pushes-fake-it-tools-in-clickfix-attacks/