Hackers have shifted to using the advanced “FileFix” technique in Interlock ransomware attacks to deploy remote access trojans and better evade detection. This evolution shows threat actors’ adaptability, making cyber threats more sophisticated and harder to combat. #InterlockRansomware #FileFix #KongTuke #PowerShell #RemoteAccessTrojan
Keypoints
- Interlock ransomware operators are now using the FileFix method to deliver malware more stealthily.
- FileFix tricks users into executing malicious code via trusted Windows UI elements like File Explorer.
- The attack involves disguising PowerShell commands as fake file paths to download and run the PHP RAT.
- The malware collects system data, performs reconnaissance, and can execute commands from the C2 server.
- Recent attacks have targeted high-profile victims such as Texas Tech University and Kettering Health.