Phishing Emails Impersonating Interpol Spread Custom Ransomware

Phishing Emails Impersonating Interpol Spread Custom Ransomware

First seen 2 Jul 2026, 12:12 UTC BitdefenderFeeds.FeedburnerInfosecurity-Magazine 82% similarity 54.9
Share:

Article Content

Browse articles
ThreatCluster

A phishing campaign has been identified targeting small businesses globally, using fake emails from the 'Interpol Cybercrime Investigation Unit' to distribute ransomware. The emails create urgency, claiming an investigation into compliance issues, and direct recipients to a Proton Drive link containing a password-protected archive. Once opened, the archive deploys ransomware disguised as a video file, encrypting files on the victim's system. Notably, the ransomware contains a hardcoded decryption key, allowing victims to recover files without paying a ransom. The campaign affects various industries, including technology, finance, and legal services, across Europe, Asia, the Middle East, and the United States. Researchers assess that the attackers likely lack sophistication, relying on social engineering tactics to exploit fear. Bitdefender has recommended immediate action for affected organizations, including disconnecting from networks and reporting incidents.

Key Points: • Phishing emails impersonate Interpol to spread ransomware to small businesses. • The ransomware includes a hardcoded decryption key, allowing file recovery without payment. • The campaign targets multiple industries across several continents, indicating a broad impact.

ThreatCluster AI

Timeline

2026-07-01
Bitdefender reports phishing campaign
Bitdefender reveals a campaign using fake Interpol emails to distribute ransomware targeting small businesses worldwide.
Bitdefender
2026-07-02
SC Media reports on ransomware details
SC Media highlights that the ransomware has a decryption key embedded, allowing victims to recover files without paying.
Feeds.Feedburner

Community

Browse all →