LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader
Summary
The LeakNet ransomware operation has begun using a social engineering tactic called ClickFix, delivered via compromised websites, for initial access. The tactic tricks users into manually executing malicious commands under the guise of fixing errors, and it marks a move away from traditional initial access methods like stolen credentials.
IFF Assessment
This article describes a new, sophisticated attack vector for ransomware deployment, which poses an increased threat to organizations.
Defender Context
Defenders should be aware of the ClickFix social engineering tactic, which relies on user interaction to execute malicious commands. Educating users about these deceptive techniques and ensuring robust endpoint detection and response (EDR) solutions are in place to identify and block in-memory execution are crucial mitigation strategies.