
‘FileFix’ Malware Trick Amplifies Interlock Ransomware Threat With Evolved Attack Tactic


Cybersecurity researchers have identified a dangerous new twist on the notorious ClickFix malware tactic. The evolved variant, called FileFix, is now being weaponized in active ransomware campaigns, further expanding the threat landscape.

ClickFix typically lures users by showing them a bogus issue—like a fake CAPTCHA or a misleading virus alert—and then offers a “solution” that involves copying and pasting a command from a compromised website into the Windows Run dialog. This command often triggers the download and execution of malicious software.

However, the new FileFix technique modifies that approach. Instead of using the Run command, it instructs users to paste a string into the File Explorer address bar. Though it appears as a legitimate file path, the string is actually a disguised PowerShell command, cleverly masked using comment syntax.
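As an added defensive illustration that is not part of the original post, the Python below sketches a detection rule for the FileFix pattern over constructed process-creation records. It assumes that a string run from the File Explorer address bar is launched as a child of explorer.exe and that the masking "comment syntax" is PowerShell's `#` line comment; the key=value log format is a simplified stand-in for Sysmon/EDR telemetry, not any product's real export.

```python
import re

# Constructed process-creation records (sample data, not real telemetry).
SAMPLE_EVENTS = [
    # FileFix-shaped: explorer.exe launches PowerShell, '#' hides a fake path
    'ParentImage=C:\\Windows\\explorer.exe '
    'Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe '
    'CommandLine="powershell.exe -c whoami # C:\\Users\\Public\\invoice.pdf"',
    # Benign: explorer.exe opening notepad
    'ParentImage=C:\\Windows\\explorer.exe '
    'Image=C:\\Windows\\System32\\notepad.exe '
    'CommandLine="notepad.exe C:\\Users\\Public\\notes.txt"',
    # Benign: a build script with a plain comment, not launched from explorer
    'ParentImage="C:\\Program Files\\Git\\git-bash.exe" '
    'Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe '
    'CommandLine="powershell.exe -File build.ps1 # nightly"',
    # Only one indicator: interactive PowerShell opened from explorer.exe
    'ParentImage=C:\\Windows\\explorer.exe '
    'Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe '
    'CommandLine="powershell.exe"',
]

# key=value pairs; values may be quoted when they contain spaces (assumed format)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
SHELLS = ("powershell.exe", "pwsh.exe")

def parse_event(line):
    """Return the event's fields as a dict with surrounding quotes stripped."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}

def filefix_indicators(event):
    """Return the FileFix-style indicators present in one parsed event."""
    parent = event.get("ParentImage", "").lower()
    image = event.get("Image", "").lower()
    cmd = event.get("CommandLine", "")
    if not image.endswith(SHELLS):
        return []
    hits = []
    if parent.endswith("\\explorer.exe"):  # assumed lineage for address-bar launches
        hits.append("powershell spawned by explorer.exe")
    # A '#' followed by a Windows drive path: the visible 'file path' is a comment
    if re.search(r"#\s*[A-Za-z]:\\", cmd):
        hits.append("comment marker hiding a fake file path")
    return hits

def scan(lines):
    """Return (index, indicators) for events showing two or more indicators."""
    alerts = []
    for i, line in enumerate(lines):
        hits = filefix_indicators(parse_event(line))
        if len(hits) >= 2:
            alerts.append((i, hits))
    return alerts
```

Requiring both indicators keeps a lone interactive shell opened from the desktop, or a commented build script, out of the alert stream; tune the path regex to your own command-line normalisation.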

In recent attacks observed in the wild, executing this PowerShell string installs a PHP-based version of the Interlock Remote Access Trojan (RAT). Once active, the RAT performs a range of actions—scanning system and network configurations, identifying backup systems, navigating through local file directories, probing Active Directory environments, and even inspecting domain controllers.

Eventually, the RAT leads to the deployment of the Interlock ransomware encryptor.

Interlock first appeared in September 2024 and was publicly detected by November the same year. It stood out by targeting both Windows and FreeBSD systems. Some high-profile victims include Wayne County (Michigan), Texas Tech University Health Sciences Center, Heritage Bank & McCormick–Priore, and Kettering Health.

The ransomware employs the typical double extortion approach—stealing sensitive data before locking systems with encryption to demand ransom.

As of mid-2025, Interlock has been linked to at least 14 confirmed incidents, with healthcare entities making up about one-third of the total. This shift in delivery method suggests active development of the malware and underscores its ongoing threat to global organizations.