Cybercriminals are deploying Interlock ransomware through a clever social engineering trick called ClickFix. Victims visit compromised websites that display fake error messages, prompting them to copy and run malicious PowerShell commands that appear to fix technical issues.
Active since September 2024, the ransomware has targeted organizations across North America and Europe using double extortion tactics. The malware fingerprints victim systems to identify high-value targets while avoiding security researchers. eSentire analysts discovered the sophisticated attack chain in July 2025, revealing multi-layered techniques involving PowerShell scripts and custom remote access tools.
Source: Cyber Security News