LeakNet ransomware uses ClickFix, Deno runtime in stealthy attacks
Summary
The LeakNet ransomware group has adopted new tactics, utilizing the ClickFix technique for initial access into corporate networks. They are also employing a malware loader built on the Deno runtime, which supports JavaScript and TypeScript, to conduct their stealthy attacks.
IFF Assessment
FOE
This is bad news for defenders as it shows ransomware groups are evolving their techniques to bypass security controls and operate more stealthily.
Defender Context
Defenders should be aware of the ClickFix technique as a potential initial access vector and monitor for unusual activity related to the Deno runtime on their networks. This highlights the need for robust endpoint detection and response (EDR) and network traffic analysis to identify novel attack methods.
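One way to start monitoring for unusual Deno activity is to triage process-creation telemetry for the runtime's binary; the sketch below is an added example, not from the article or any vendor. The host allowlist, parent-process list, directory list and sample events are all assumptions constructed for illustration and need tuning to your environment.

```python
import ntpath
import re

# Assumptions for this example (not from the article): which hosts are expected
# to run Deno, and which parents / paths count as unusual for it.
DEV_HOSTS = {"DEV-LAP-07"}
SCRIPT_PARENTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "wscript.exe"}
WRITABLE_DIRS = ("\\appdata\\local\\temp\\", "\\users\\public\\", "\\programdata\\")
REMOTE_MODULE = re.compile(r"\bhttps?://", re.I)

# Constructed process-creation events, shaped like a typical EDR/Sysmon export.
EVENTS = [
    {"host": "DEV-LAP-07", "image": r"C:\Users\amy\.deno\bin\deno.exe",
     "parent": r"C:\Program Files\Microsoft VS Code\Code.exe",
     "cmdline": "deno test --allow-read"},
    {"host": "FIN-WS-12", "image": r"C:\Users\bob\AppData\Local\Temp\deno.exe",
     "parent": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "deno.exe run -A https://example.invalid/main.ts"},
    {"host": "FIN-WS-12", "image": r"C:\Windows\System32\notepad.exe",
     "parent": r"C:\Windows\explorer.exe", "cmdline": "notepad.exe"},
]

def is_deno(image):
    """Match on the image file name, using Windows path rules on any OS."""
    return ntpath.basename(image).lower() in {"deno.exe", "deno"}

def reasons(event):
    """Return the list of heuristics an event trips; empty if it is not Deno."""
    if not is_deno(event["image"]):
        return []
    hits = []
    if event["host"] not in DEV_HOSTS:
        hits.append("deno on non-developer host")
    if ntpath.basename(event["parent"]).lower() in SCRIPT_PARENTS:
        hits.append("launched by shell or script host")
    if any(d in event["image"].lower() for d in WRITABLE_DIRS):
        hits.append("binary in user-writable directory")
    if REMOTE_MODULE.search(event["cmdline"]):
        hits.append("remote module on command line")
    return hits

def triage(events):
    """Pair each flagged event with its reasons, most reasons first."""
    flagged = [(e, reasons(e)) for e in events]
    flagged = [(e, r) for e, r in flagged if r]
    return sorted(flagged, key=lambda pair: len(pair[1]), reverse=True)

if __name__ == "__main__":
    for event, why in triage(EVENTS):
        print(event["host"], event["image"], "->", "; ".join(why))
```

File-name matching misses a renamed binary, so pair a rule like this with hash or signer data from your EDR where it is available.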