Phishing Campaign Using Fake Interpol Emails Distributes Ransomware to Small Businesses

First seen: 2 Jul 2026, 12:12 UTC. Sources: Bitdefender, Feeds.Feedburner, Infosecurity-Magazine, Darkreading, www.infosecurityeurope.com, +1. 87% similarity; 57.6.

A phishing campaign has emerged, targeting small businesses across Europe, Asia, the Middle East, and the United States with emails impersonating Interpol. The emails claim that the recipient's organization is under investigation for suspicious activities and prompt them to download a password-protected archive from Proton Drive. This archive contains ransomware disguised as a video file, which encrypts the victim's files upon execution. The ransom note instructs victims to negotiate with the attackers via Tox, without specifying a ransom amount. Researchers note that the malware is relatively simple, with hardcoded decryption keys embedded within it, allowing victims to recover files without paying. The campaign has affected various sectors, including pharmaceuticals, food, agriculture, and technology. It highlights the effectiveness of social engineering over sophisticated malware in extorting small businesses.

Key Points:
• Phishing emails impersonating Interpol target small businesses globally.
• Ransomware is delivered through a password-protected archive containing a disguised executable.
• The malware includes hardcoded decryption keys, allowing file recovery without payment.

ThreatCluster AI

Timeline

2026-07-01
Bitdefender reports phishing campaign
Bitdefender reveals a phishing campaign using fake Interpol emails to distribute ransomware to small businesses.
Bitdefender
2026-07-02
Dark Reading covers the ransomware campaign
Dark Reading highlights the ongoing phishing campaign and its impact on small businesses across multiple regions.
Darkreading
2026-07-02
SC Media reports on malware's decryption key
SC Media reports that the ransomware includes a decryption key embedded in the malware, allowing recovery without negotiation.
Feeds.Feedburner
2026-07-02
Infosecurity Magazine highlights the phishing tactic
Infosecurity Magazine discusses the phishing tactic used by cybercriminals posing as Interpol to deliver ransomware.
Infosecurity-Magazine
