LeakNet Ransomware Group Deploys Fake CAPTCHA Phishing Campaign Against Enterprises
What Happened – The LeakNet ransomware gang, which markets itself as “investigative journalists,” is distributing malicious CAPTCHA‑style web pages that lure employees into downloading ransomware payloads. Victims are tricked into solving a fake CAPTCHA, which then executes the ransomware installer on their workstation.
Why It Matters for TPRM –
- The attack vector exploits human factors, bypassing many technical controls.
- Ransomware can lead to data encryption, operational downtime, and potential data exfiltration.
- The group’s self‑branding as journalists may increase credibility, raising the risk of successful social engineering across third‑party ecosystems.
Who Is Affected – Enterprises across all sectors that rely on external vendors, especially those with remote workforces and limited security awareness training.
Recommended Actions –
- Review and tighten phishing awareness programs for all employees and third‑party users.
- Enforce multi‑factor authentication (MFA) on all privileged accounts.
- Validate that vendors employ anti‑phishing and endpoint detection & response (EDR) solutions.
Technical Notes – The campaign uses a malicious CAPTCHA page hosted on compromised or attacker‑controlled domains. When a user attempts to solve the CAPTCHA, a script silently downloads and executes a ransomware binary (payload not publicly disclosed). No specific CVE is linked; the attack relies on social engineering rather than a software vulnerability.
Source: Graham Cluley – Fortra Blog
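One way to hunt for the behaviour described in the Technical Notes, as an added example that is not from the source report: it correlates a browser writing an executable file with that same file starting on the host shortly afterwards. The event schema, process names, paths and the 60-second window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}   # assumed browser image names
EXEC_EXT = (".exe", ".scr", ".com")                      # assumed extensions of interest

# Constructed sample events (hypothetical, simplified schema; not real telemetry).
EVENTS = [
    {"ts": "2025-01-01T09:00:00", "type": "file_create", "host": "ws1",
     "process": "chrome.exe", "path": r"C:\Users\a\Downloads\report.pdf"},
    {"ts": "2025-01-01T09:05:10", "type": "file_create", "host": "ws1",
     "process": "msedge.exe", "path": r"C:\Users\a\AppData\Local\Temp\verify.exe"},
    {"ts": "2025-01-01T09:05:14", "type": "process_start", "host": "ws1",
     "parent": "msedge.exe", "path": r"C:\Users\a\AppData\Local\Temp\verify.exe"},
    # A download the user launches hours later: outside the default window.
    {"ts": "2025-01-01T09:30:00", "type": "file_create", "host": "ws2",
     "process": "chrome.exe", "path": r"C:\Users\b\Downloads\setup.exe"},
    {"ts": "2025-01-01T11:45:00", "type": "process_start", "host": "ws2",
     "parent": "explorer.exe", "path": r"C:\Users\b\Downloads\setup.exe"},
]

def find_drop_and_run(events, window=timedelta(seconds=60)):
    """Return (host, path, seconds) for executables written by a browser
    and started on the same host within `window` of the write."""
    drops = {}   # (host, lowercased path) -> time of the browser write
    hits = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        key = (ev["host"], ev["path"].lower())
        if ev["type"] == "file_create":
            if ev["process"].lower() in BROWSERS and key[1].endswith(EXEC_EXT):
                drops[key] = ts
        elif ev["type"] == "process_start" and key in drops:
            delta = ts - drops[key]
            if delta <= window:
                hits.append((ev["host"], ev["path"], int(delta.total_seconds())))
    return hits

if __name__ == "__main__":
    for host, path, secs in find_drop_and_run(EVENTS):
        print(f"{host}: {path} started {secs}s after a browser wrote it")
```

The short window separates an automatic drop-and-run from a download the user opens later; widen it when reviewing third-party endpoint telemetry retrospectively.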