Feeds.Feedburner
Phishing Campaign Using Fake Interpol Emails Distributes Ransomware to Small Businesses
A phishing campaign has emerged, targeting small businesses across Europe, Asia, the Middle East, and the United States with emails impersonating Interpol. The emails claim that the recipient's organization is under investigation for suspicious activities and prompt them to download a password-protected archive from Proton Drive. This archive contains ransomware disguised as a video file, which encrypts the victim's files upon execution. The ransom note instructs victims to negotiate with the attackers via Tox, without specifying a ransom amount. Researchers note that the malware is relatively simple, with hardcoded decryption keys embedded within it, allowing victims to recover files without paying. The campaign has affected various sectors, including pharmaceuticals, food, agriculture, and technology. It highlights the effectiveness of social engineering over sophisticated malware in extorting small businesses.
Key Points:
• Phishing emails impersonating Interpol target small businesses globally.
• Ransomware is delivered through a password-protected archive containing a disguised executable.
• The malware includes hardcoded decryption keys, allowing file recovery without payment.
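
As an added example (not from the article or the researchers it cites), the following triage check flags files extracted from an archive whose name presents as a video but whose extension chain or leading bytes indicate an executable. The article does not say how the disguise was done, so the extension sets, the individual checks and the sample entries are assumptions constructed for illustration.

```python
import os

# Assumption: illustrative extension sets, not taken from the article.
VIDEO_EXT = {".mp4", ".avi", ".mov", ".mkv", ".wmv"}
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}

def looks_like_video(head: bytes) -> bool:
    """Recognise the container magic for the formats in VIDEO_EXT."""
    return (head[4:8] == b"ftyp"                                # MP4 / MOV
            or (head[:4] == b"RIFF" and head[8:12] == b"AVI ")  # AVI
            or head[:4] == b"\x1a\x45\xdf\xa3"                  # Matroska
            or head[:4] == b"\x30\x26\xb2\x75")                 # ASF / WMV

def classify(name: str, head: bytes) -> list:
    """Return the reasons an extracted file's name and content disagree."""
    reasons = []
    if "\u202e" in name:                        # right-to-left override in name
        reasons.append("rtl-override")
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower().rstrip(". ")
    stem, ext = os.path.splitext(base)
    inner = os.path.splitext(stem.rstrip())[1]  # tolerate space padding
    if ext in EXEC_EXT and inner in VIDEO_EXT:
        reasons.append("double-extension")
    if ext in VIDEO_EXT:
        if head[:2] == b"MZ":                   # DOS/PE executable header
            reasons.append("pe-content-with-video-extension")
        elif not looks_like_video(head):
            reasons.append("video-extension-unrecognised-content")
    return reasons

def triage(entries):
    """Map each flagged file name to its reasons; clean files are omitted."""
    flagged = {}
    for name, head in entries:
        reasons = classify(name, head)
        if reasons:
            flagged[name] = reasons
    return flagged

# Constructed sample: (name, first bytes) pairs as read from an extracted archive.
SAMPLE = [
    ("case/evidence_recording.mp4.exe", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("case/evidence.mp4", b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00"),
    ("case/clip.mp4      .exe", b"MZ\x90\x00"),
    ("case/clip.mp4", b"\x00\x00\x00\x18ftypmp42"),
    ("case/notice.pdf", b"%PDF-1.7"),
]

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE).items():
        print(name, "->", ", ".join(reasons))
```

Because the archive in this campaign is password-protected, a mail gateway cannot inspect its contents; a check like this belongs on the endpoint or in a sandbox, after extraction.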