Interlock ransomware adopts FileFix method to deliver malware www.bleepingcomputer.com/news/secu…
Hackers have adopted a new technique called ‘FileFix’ in Interlock ransomware attacks to drop a remote access trojan (RAT) on targeted systems.
Interlock ransomware operations have increased over the past months as the threat actor started using the KongTuke web injector (aka ‘LandUpdate808’) to deliver payloads through compromised websites.
The DFIR Report also mentions evidence of interactive activity, including Active Directory enumeration, checking for backups, navigating local directories, and examining domain controllers.
The command and control (C2) server can send shell commands for the RAT to execute, introduce new payloads, add persistence via a Registry run key, or move laterally via remote desktop (RDP).