Ransomware Scammers Pose as Interpol, Target Small Businesses Across Globe
A sophisticated yet deceptively simple ransomware campaign has been making headlines in recent days, with attackers posing as Interpol to entice small businesses into downloading malware. The campaign, which has already affected organizations across the US, Europe, Middle East, and Asia, highlights how basic social engineering tactics can be just as effective as complex cyberattacks.
The scheme begins with phishing emails that impersonate Interpol investigators, claiming the recipient’s organization is under investigation for suspicious activity. These messages are often convincing, conveying a sense of urgency related to alleged criminal activity, and instruct victims to download a password-protected archive hosted on Proton Drive in order to review supporting evidence. However, if opened, the archive delivers a ransomware payload disguised as a benign video file that encrypts local systems.
The attackers’ approach is notable for its lack of sophistication: Bitdefender’s analysis revealed a rudimentary but effective ransomware sample that contains hardcoded values and lacks many features typically associated with large-scale ransomware operations. Perhaps most intriguingly, the campaign eschews a fixed ransom demand, instead prompting victims to contact the attackers via the Tox peer-to-peer messaging platform to negotiate payment.
This approach mirrors a trend seen across the ransomware ecosystem, where attackers increasingly tailor their demands based on the size and perceived ability of the compromised organization to pay. Many targeted organizations appear to be small businesses, which often underestimate their vulnerability to cyberattacks due to misconceptions about their attractiveness to ransomware operators. As Bitdefender notes, this campaign highlights how even relatively simple malware can become a serious threat when paired with convincing social engineering tactics.
The statistics paint a concerning picture of the state of cybersecurity among small businesses. According to CrowdStrike’s State of SMB Cybersecurity Survey, smaller organizations are disproportionately affected by cyberattacks, with 29% of SMBs with fewer than 25 employees hit in ransomware attacks. Meanwhile, two-thirds of SMB leaders admit that a lack of budget prevents them from making necessary security upgrades.
In light of this campaign and the broader threat landscape, it’s essential for small businesses to reevaluate their cybersecurity posture. This includes being cautious when receiving unsolicited emails or messages purporting to be from official organizations, as well as having robust backup systems in place to minimize the impact of potential ransomware attacks. Additionally, investing in security awareness training and staying informed about emerging threats can help mitigate the risk of falling victim to these types of campaigns.
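For mail triage, the lure described above (an Interpol claim, a Proton Drive link, an archive password in the message, and a payload posing as a video) can be turned into simple checks. This is an added example, not code from Bitdefender or Dark Reading. The sender domain interpol.int, the share host drive.proton.me, the phrase and extension lists, the double-extension form of the video disguise, and the sample messages are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions, not from the article: interpol.int as the genuine sender domain,
# drive.proton.me as the Proton Drive share host, and the phrase lists below.
LEGIT_DOMAIN = "interpol.int"
SHARE_LINK = re.compile(r"https?://drive\.proton\.me/\S+", re.I)
PASSWORD = re.compile(r"\bpassword\b", re.I)
PRESSURE = re.compile(r"under investigation|suspicious activity|criminal", re.I)
VIDEO_EXT = {"mp4", "avi", "mov", "mkv"}
EXEC_EXT = {"exe", "scr", "com", "bat", "cmd", "js", "vbs", "lnk"}

def body_text(msg):
    """Concatenate the text/plain parts of a parsed message."""
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    return "\n".join(p.get_payload(decode=True).decode("utf-8", "replace") for p in parts)

def lure_indicators(raw):
    """Return the reasons a raw RFC 5322 message resembles the lure."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    text = msg.get("Subject", "") + "\n" + body_text(msg)
    reasons = []
    genuine = domain == LEGIT_DOMAIN or domain.endswith("." + LEGIT_DOMAIN)
    if "interpol" in (name + " " + text).lower() and not genuine:
        reasons.append("interpol-claim-from-other-domain")
    if SHARE_LINK.search(text):
        reasons.append("proton-drive-link")
        if PASSWORD.search(text):
            reasons.append("archive-password-in-mail")
    if PRESSURE.search(text):
        reasons.append("investigation-pressure")
    return reasons

def disguised_video(filename):
    """True for names like evidence.mp4.exe (video extension, then executable)."""
    parts = filename.lower().rsplit(".", 2)
    return (len(parts) == 3 and parts[1].strip() in VIDEO_EXT
            and parts[2].strip() in EXEC_EXT)

# Constructed sample messages (not real campaign mail).
PHISH = (
    'From: "INTERPOL Investigations" <officer@interpol-notice.example>\n'
    "Subject: Your organization is under investigation\n\n"
    "Review the evidence: https://drive.proton.me/urls/PLACEHOLDER\n"
    "Archive password: 1234\n"
)
BENIGN = 'From: "Accounts" <billing@supplier.example>\nSubject: June invoice\n\nInvoice attached.\n'
```

Each indicator is weak alone; a message that trips several of them is a candidate for quarantine and manual review rather than automatic deletion.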
Source: Dark Reading — 2026-07-02