Feeds.Feedburner
Phishing Emails Impersonating Interpol Spread Custom Ransomware
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A phishing campaign has been identified targeting small businesses globally, using fake emails from the 'Interpol Cybercrime Investigation Unit' to distribute ransomware. The emails create urgency, claiming an investigation into compliance issues, and direct recipients to a Proton Drive link containing a password-protected archive. Once opened, the archive deploys ransomware disguised as a video file, encrypting files on the victim's system. Notably, the ransomware contains a hardcoded decryption key, allowing victims to recover files without paying a ransom. The campaign affects various industries, including technology, finance, and legal services, across Europe, Asia, the Middle East, and the United States. Researchers assess that the attackers likely lack sophistication, relying on social engineering tactics to exploit fear. Bitdefender has recommended immediate action for affected organizations, including disconnecting from networks and reporting incidents.
Key Points: • Phishing emails impersonate Interpol to spread ransomware to small businesses. • The ransomware includes a hardcoded decryption key, allowing file recovery without payment. • The campaign targets multiple industries across several continents, indicating a broad impact.