Criminals Pose as Interpol in Phishing Emails to Deliver Ransomware
https://www.infosecurity-magazine.com/news/cybercriminals-pose-interpol/
Publish Date: 2026-07-02 08:00:00
Source Domain: www.infosecurity-magazine.com
Cybercriminals are posing as international law enforcement agencies in a phishing campaign designed to deliver ransomware attacks.
As detailed by Bitdefender Antispam Lab in a blog post published on July 1, the phishing attacks target small businesses across Europe, Asia, the Middle East and North America with emails which claim to come from the ‘Cybercrime Investigation Unit’ at Interpol.
The fake Interpol email claims that businesses which received it have potentially been involved with or subject to suspicious or fraudulent activity and that the victims should urgently open a file which purports to contain evidence to be reviewed.
By posing as Interpol and indicating potential involvement in a crime, the attackers are attempting to socially engineer the victim into immediately reacting without considering if the message could be fake.
The file is stored in Proton Drive and is reached through a link embedded in the email. It is protected by a password, which is also contained in the initial phishing email. Once it is opened, the user is directed to an executable disguised as a video file which, if run, will compromise the system with ransomware.
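A mail-triage heuristic for the lure traits described above, as an added example that is not from Bitdefender or the article. The patterns, trait names and sample message are constructed assumptions, and `drive.proton.me` is assumed to be the host used for Proton Drive share links.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed heuristics: the patterns and trait names are assumptions for this
# example, not indicators published by Bitdefender.
SHARE_LINK = re.compile(r"https?://drive\.proton\.me/\S+", re.I)
PASSWORD_HINT = re.compile(r"\bpass(?:word|code)\b\s*(?:is|:)\s*\S+", re.I)
URGENCY = re.compile(r"\b(?:urgent(?:ly)?|immediately)\b", re.I)
AGENCY = re.compile(r"\binterpol\b", re.I)
AGENCY_DOMAIN = "interpol.int"  # Interpol's public domain


def text_body(msg) -> str:
    """Concatenate the text/plain parts of a parsed message."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            parts.append(payload.decode("utf-8", errors="replace"))
    return "\n".join(parts)


def triage(raw: str) -> list[str]:
    """Return which of the lure traits described in the article a message shows."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = text_body(msg)
    traits = []
    claims_agency = AGENCY.search(f"{display} {msg.get('Subject', '')} {body}")
    official = domain == AGENCY_DOMAIN or domain.endswith("." + AGENCY_DOMAIN)
    if claims_agency and not official:
        traits.append("agency_name_from_unofficial_domain")
    if SHARE_LINK.search(body) and PASSWORD_HINT.search(body):
        traits.append("share_link_and_password_in_same_message")
    if URGENCY.search(body):
        traits.append("urgency_language")
    return traits


# Constructed sample message; the address, link path and password are placeholders.
SAMPLE = """\
From: "Interpol Cybercrime Investigation Unit" <case-office@example.net>
Subject: Notice of suspected fraudulent activity

Your business may be linked to fraudulent activity. Urgently review the
evidence file: https://drive.proton.me/urls/EXAMPLE
Password: Example-1234
"""
```

The `From` header can be forged, so the domain comparison is only meaningful alongside SPF, DKIM and DMARC results.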
The ransom note does not provide a ransom demand but rather instructs the victim to contact the attackers through Tox, a peer-to-peer private messaging service.
“This approach has become increasingly common among ransomware operators. Rather than demanding the same amount from every victim, attackers often prefer to negotiate after establishing contact,” wrote Alina Bizga, security analyst at Bitdefender.
“The final ransom may depend on the size of the organization, the perceived value of its data and its ability to pay,” she added.
Organizations which have been targeted include those in food and agriculture, legal services, pharmaceuticals, media, technology and finance.
Researchers noted that the ransomware implant,…