Close Menu
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice

Subscribe to Updates

Get the latest creative news from FooBar about art, design and business.

What's Hot

236,000 DCloud Uni-App Sites Used in Crypto Scams, Phishing, and Wallet Drainers

July 3, 2026

Warning Over “Industrialized” Cyber-Attacks by Ransomware Gang

July 3, 2026

Microsoft Removes 119 Edge Extensions That Hid Malware in Images and Fonts

July 3, 2026
Facebook X (Twitter) Instagram
Saturday, July 4
Facebook X (Twitter) Instagram Pinterest Vimeo
Cyberwire Daily
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice
Cyberwire Daily
Home»News»Criminals Pose as Interpol in Phishing Emails to Deliver Ransomware
News

Criminals Pose as Interpol in Phishing Emails to Deliver Ransomware

Team-CWDBy Team-CWDJuly 2, 2026No Comments3 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
Share
Facebook Twitter LinkedIn Pinterest Email


Cybercriminals are posing as international law enforcement agencies in a phishing campaign designed to deliver ransomware attacks.

As detailed by Bitdefender Antispam Lab in a blog post published on July 1, the phishing attacks target small businesses across Europe, Asia, the Middle East and North America with emails which claim to come from the ‘Cybercrime Investigation Unit’ at Interpol.

The fake Interpol email claims that businesses which received it have potentially been involved with or subject to suspicious or fraudulent activity and that the victims should urgently open a file which purports to contain evidence to be reviewed.

By posing as Interpol and indicating potential involvement in a crime, the attackers are attempting to socially engineer the victim into immediately reacting without considering if the message could be fake.

The file is stored in a Proton Drive, which can be accessed by a link embedded in the email and is protected by a password, also contained in the initial phishing email. When opened, the user is directed to an executable disguised as a video file, which if run, will compromise the system with ransomware.

Read More: Why Ransomware Remains One of Cybersecurity’s Most Persistent and Costly Threats

The ransom note does not provide a ransom demand but rather instructs the victim to contact them through Tox, a peer-to-peer private messaging service.

“This approach has become increasingly common among ransomware operators. Rather than demanding the same amount from every victim, attackers often prefer to negotiate after establishing contact,” wrote Alina Bizga, security analyst at Bitdefender.

“The final ransom may depend on the size of the organization, the perceived value of its data and its ability to pay,” she added.

Organizations which have been targeted include those in food and agriculture, legal services, pharmaceuticals, media, technology and finance.

Researchers noted that the ransomware implant, which doesn’t even appear to have a name, is relatively simple and lacks many of the more sophisticated functions associated with major ransomware operations.

“The malware does not appear to belong to any known ransomware family. Researchers found that it uses a relatively simple implementation, including hardcoded values embedded directly in the code, rather than the more sophisticated key management and infrastructure typically seen in established ransomware operations,” Bizga told Infosecurity.

“These characteristics suggest the payload was custom-built for the campaign rather than developed by a well-known ransomware group,” she added. 

To help avoid falling victim to this ransomware campaign or others which could use similar tactics, Bitdefender has suggested that individuals, especially at small businesses, should verify all unsolicited correspondence before acting, including by reaching out by official channels if needed.

And as Bizga noted, it is highly unlikely that a law enforcement agency would reach out about an urgent alert via email.

“One of the biggest red flags in this campaign is the delivery method itself. While the attackers impersonate Interpol, legitimate law enforcement agencies don’t send unsolicited emails containing Proton Drive links to password-protected files and ask organizations to review alleged evidence of wrongdoing,” she said.



Source

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleNew SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks
Next Article OpenAI Previews GPT-5.6 Sol With Restricted Access and Stronger Cyber Safeguards
Team-CWD
  • Website

Related Posts

News

236,000 DCloud Uni-App Sites Used in Crypto Scams, Phishing, and Wallet Drainers

July 3, 2026
News

Warning Over “Industrialized” Cyber-Attacks by Ransomware Gang

July 3, 2026
News

Microsoft Removes 119 Edge Extensions That Hid Malware in Images and Fonts

July 3, 2026
Add A Comment
Leave A Reply Cancel Reply

Latest News

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202522 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views

Why SOC Burnout Can Be Avoided: Practical Steps

November 14, 20259 Views

Cyber M&A Roundup: Cyber Giants Strengthen AI Security Offerings

December 1, 20258 Views
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Most Popular

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202522 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views
Our Picks

Is it OK to let your children post selfies online?

February 17, 2026

Chronology of a Skype attack

February 5, 2026

Beware of Winter Olympics scams and other cyberthreats

February 2, 2026

Subscribe to Updates

Get the latest news from cyberwiredaily.com

Facebook X (Twitter) Instagram Pinterest
  • Home
  • Contact
  • Privacy Policy
  • Terms of Use
  • California Consumer Privacy Act (CCPA)
© 2026 All rights reserved.

Type above and press Enter to search. Press Esc to cancel.