Malware & Ransomware | HIGH

LeakNet Ransomware - New ClickFix Tactics Uncovered


Basically, LeakNet ransomware tricks people into running harmful commands on their computers.

Quick Summary

LeakNet ransomware is using ClickFix tactics via hacked sites to trick users into running harmful commands. This new strategy broadens their reach, putting many at risk. Stay informed and protect your systems against these evolving threats.

What Happened

The LeakNet ransomware operation has recently evolved its tactics by incorporating a method known as ClickFix. This technique is delivered through compromised websites, marking a significant shift from traditional initial access methods like stolen credentials. Instead of relying on third-party suppliers or initial access brokers, LeakNet now uses compromised sites to trick users into executing harmful commands to fix fake errors.

In these attacks, victims are presented with legitimate-looking CAPTCHA verification checks that prompt them to copy and paste a command into their Windows Run dialog. This approach removes the bottleneck of sourcing access through brokers and allows for a broader reach, since it does not depend on targeting a specific industry. The cybersecurity firm ReliaQuest highlighted that this change in strategy allows for a more streamlined attack process, enabling attackers to execute their plans more efficiently.

Who's Being Targeted

LeakNet's new tactics are not limited to any specific industry. By casting a wide net, the group aims to infect as many victims as possible. The use of compromised websites to deliver these attacks means that unsuspecting users from various sectors are at risk. This broad targeting strategy is designed to maximize the potential for infection and subsequent ransom demands.

The adoption of ClickFix also signals a strategic shift for LeakNet, moving away from dependency on initial access brokers. This change allows them to operate more quickly and broadly, increasing their chances of success in ransomware attacks.

Signs of Infection

Victims may notice unusual behavior on their systems, particularly after interacting with compromised websites. Users who have executed a command prompted by a fake error message or CAPTCHA page may already be infected with the LeakNet ransomware. The ransomware employs a Deno-based loader to execute malicious payloads directly in memory, minimizing the on-disk evidence that would otherwise trigger security tooling.

As the attack unfolds, LeakNet's methodology includes using DLL side-loading to launch malicious code, lateral movement within the network, data exfiltration, and ultimately, encryption of files. Users should remain vigilant for signs of unauthorized access or unusual system performance.
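Because the lure depends on the user pasting a command into the Run dialog, the Run-dialog history is one of the first places to look during triage. The following script is an added example written for this page; it is not code from the article, from The Hacker News or from ReliaQuest. It reads the current user's RunMRU key (where Explorer records Run-dialog commands), strips the trailing marker Explorer appends to each entry, and flags entries that match generic paste-and-run heuristics. The regex list is an assumption for illustration, not a set of indicators tied to this campaign; it assumes PowerShell 5.1 or later running as the user being checked.

```powershell
# Added example (not from the article): triage the Windows Run-dialog history
# (the RunMRU key) for commands a ClickFix-style lure may have had the user paste.
# Assumptions: PowerShell 5.1+, run in the context of the user being checked,
# read-only registry access. Patterns below are generic heuristics, not campaign IoCs.

$RunMruPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU'

# Heuristics typical of paste-and-run lures; tune for your estate.
$SuspiciousPatterns = @(
    'powershell(\.exe)?\b.*\s-(e|ec|enc|encodedcommand)\b'     # encoded PowerShell
    '\b(iex|invoke-expression)\b'                              # in-memory execution
    '\b(iwr|invoke-webrequest|curl|wget|bitsadmin|certutil)\b' # download cradles
    '\bmshta(\.exe)?\b'                                        # HTA execution
    '\bdeno(\.exe)?\b'                                         # Deno-based loaders
    '-w(indowstyle)?\s+hidden'                                 # hidden console
    'https?://'                                                # any remote URL
)

function Get-RunMruEntry {
    # Returns the Run-dialog history for the current user, most recent first.
    if (-not (Test-Path -Path $RunMruPath)) { return }
    $key = Get-ItemProperty -Path $RunMruPath
    if (-not $key.MRUList) { return }
    # MRUList is a string of slot letters, e.g. "cba", ordered newest to oldest.
    foreach ($slotChar in $key.MRUList.ToCharArray()) {
        $slot = [string]$slotChar
        $raw  = $key.$slot
        if ([string]::IsNullOrEmpty($raw)) { continue }
        # Explorer stores each entry as "<command>\1"; drop that trailing marker.
        [pscustomobject]@{
            Slot    = $slot
            Command = ($raw -replace '\\1$', '')
        }
    }
}

function Test-ClickFixIndicator {
    # Returns the first matching pattern, or $null when the command looks benign.
    param([Parameter(Mandatory)][string]$Command)
    foreach ($pattern in $SuspiciousPatterns) {
        if ($Command -match $pattern) { return $pattern }   # -match is case-insensitive
    }
    return $null
}

# Report every entry, flagged ones first, so an analyst sees the hits immediately.
Get-RunMruEntry |
    ForEach-Object {
        $hit = Test-ClickFixIndicator -Command $_.Command
        [pscustomobject]@{
            Suspicious = [bool]$hit
            Pattern    = $hit
            Command    = $_.Command
        }
    } |
    Sort-Object -Property Suspicious -Descending |
    Format-Table -AutoSize -Wrap
```

A flagged entry is a lead, not a verdict: confirm it against process-creation telemetry (a console or script host spawned by explorer.exe shortly after a browser session) and, where script block logging is enabled, the PowerShell operational log. Entries for other users live under their loaded hives in HKEY_USERS, so a fleet-wide sweep should run per profile rather than only against HKCU.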

How to Protect Yourself

To safeguard against LeakNet and similar ransomware attacks, users should adopt several best practices. First, keep all software up to date, since these types of malware exploit unpatched vulnerabilities. Additionally, be cautious when interacting with unfamiliar websites, and never run commands that a pop-up, error message or verification page asks you to paste.

Implementing robust endpoint protection solutions can help detect and block malicious activities. Regularly back up important data to secure locations, ensuring that files can be restored in the event of a ransomware attack. Lastly, educating users about social engineering tactics, such as ClickFix, can significantly reduce the risk of falling victim to these schemes.
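Two host settings give defenders leverage against exactly this lure: script block logging records the full text of any PowerShell the user pastes (encoded commands are logged decoded, under event ID 4104), and the NoRun policy removes the Run dialog that ClickFix instructions direct the user to. The script below is an added example for this page, not code from the article or from any vendor named in it. It audits both settings against their desired values and can apply them; it assumes an elevated PowerShell 5.1 or later session, and whether removing the Run dialog is acceptable for a given user population is a judgement left to the reader.

```powershell
# Added example (not from the article): audit, and optionally apply, two
# documented Windows policy values that blunt paste-and-run lures.
# Assumptions: elevated PowerShell 5.1+; NoRun is per-user and takes effect at
# the user's next logon; decide for yourself whether removing Win+R suits your users.

$Settings = @(
    [pscustomobject]@{
        Name  = 'PowerShell script block logging (event ID 4104 captures pasted script text)'
        Path  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
        Value = 'EnableScriptBlockLogging'
        Want  = 1
    }
    [pscustomobject]@{
        Name  = 'Remove Run dialog for the current user (NoRun; blocks Win+R, the ClickFix paste target)'
        Path  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
        Value = 'NoRun'
        Want  = 1
    }
)

function Get-HardeningState {
    # Reports each setting's current value next to the desired one.
    foreach ($s in $Settings) {
        $current = $null
        if (Test-Path -Path $s.Path) {
            $item = Get-ItemProperty -Path $s.Path -Name $s.Value -ErrorAction SilentlyContinue
            if ($null -ne $item) { $current = $item.($s.Value) }
        }
        $display = if ($null -eq $current) { 'not set' } else { $current }
        [pscustomobject]@{
            Setting   = $s.Name
            Current   = $display
            Desired   = $s.Want
            Compliant = ($current -eq $s.Want)
        }
    }
}

function Set-Hardening {
    # Creates any missing policy key and writes the desired DWORD value.
    foreach ($s in $Settings) {
        if (-not (Test-Path -Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
        New-ItemProperty -Path $s.Path -Name $s.Value -Value $s.Want -PropertyType DWord -Force | Out-Null
    }
}

# Review the current state first; apply only after deciding the Run-dialog change is acceptable.
Get-HardeningState | Format-Table -AutoSize -Wrap
# Set-Hardening; Get-HardeningState | Format-Table -AutoSize -Wrap
```

In a managed environment, the same two values are normally pushed through Group Policy rather than written by script; the script is useful for verifying that the policy actually landed on a host and for one-off hardening of unmanaged machines. Script block logging is the more universally applicable of the two: it changes nothing for users and gives incident responders the pasted command verbatim.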

🔒 Pro insight: LeakNet's shift to ClickFix reflects a growing trend among ransomware actors to exploit user trust through social engineering.

Original article from The Hacker News

