{"id":217894,"date":"2025-07-15T02:14:46","date_gmt":"2025-07-15T07:14:46","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/07\/interlock-ransomware-adopts-filefix-method-to-deliver-malware"},"modified":"2025-07-15T02:14:46","modified_gmt":"2025-07-15T07:14:46","slug":"interlock-ransomware-adopts-filefix-method-to-deliver-malware","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/07\/interlock-ransomware-adopts-filefix-method-to-deliver-malware","title":{"rendered":"Interlock ransomware adopts FileFix method to deliver malware"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/interlock-ransomware-adopts-filefix-method-to-deliver-malware.jpg\"><\/a><\/p>\n<p>Hackers have adopted the new technique called \u2018FileFix\u2019 in Interlock ransomware attacks to drop a remote access trojan (RAT) on targeted systems.<\/p>\n<p>Interlock ransomware operations have increased over the past months as the threat actor started using the KongTuke web injector (aka \u2018LandUpdate808\u2019) to deliver payloads through compromised websites.<\/p>\n<p>This shift in modus operandi was observed by researchers at The DFIR Report and Proofpoint since May. Back then, visitors of compromised sites were prompted to pass a fake CAPTCHA + verification, and then paste into a Run dialog content automatically saved to the clipboard, a tactic consistent with ClickFix attacks.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hackers have adopted the new technique called \u2018FileFix\u2019 in Interlock ransomware attacks to drop a remote access trojan (RAT) on targeted systems. Interlock ransomware operations have increased over the past months as the threat actor started using the KongTuke web injector (aka \u2018LandUpdate808\u2019) to deliver payloads through compromised websites. This shift in modus operandi was [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-217894","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/217894","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=217894"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/217894\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=217894"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=217894"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=217894"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}