
Fake Verification Pages Distribute Epsilon Red Ransomware via .HTA and ActiveX Exploits
Attackers are using fake verification pages that mimic popular platforms such as Discord, Twitch, and OnlyFans to distribute the Epsilon Red ransomware. The campaign relies on .HTA files and ActiveX to infect systems, exploiting the trust users place in these platforms: victims are tricked into downloading and executing malicious files under the pretense of account verification. The .HTA files allow malicious scripts to execute, while ActiveX is used to run harmful software components. The ransomware's primary goal is to encrypt the victim's data and demand a ransom for decryption. The use of ClickFix to bypass CAPTCHA protections automates and scales the attack, making it more efficient and widespread.

This campaign highlights the evolving tactics of ransomware operators, who increasingly rely on sophisticated social engineering to exploit user trust. The technical implications are significant, because the attackers lean on legacy technologies such as .HTA and ActiveX, which may not be as well protected as newer ones. This underscores the importance of keeping systems updated and disabling unnecessary features that can be abused.

The impact on the cybersecurity landscape is considerable, as ransomware attacks continue to evolve and grow more sophisticated. Organizations must prioritize user education and awareness alongside robust security controls that detect and prevent such attacks. Multi-layered defenses, including email filtering, endpoint protection, and regular backups, are essential to mitigate the risk of ransomware, and incident response plans should be in place to ensure a swift and effective recovery in the event of an attack.
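As an added, constructed example (not from the article or any vendor's tooling), the following Python scans a few made-up process-creation events for the chain described above: a browser launching mshta.exe on a downloaded .HTA, which then starts a script interpreter. The event format, paths, and rule set are assumptions chosen for illustration.

```python
import re

# Constructed process-creation events (not real telemetry), written as key="value" pairs.
# They model the chain in the article: browser -> downloaded .hta run by mshta.exe -> interpreter.
SAMPLE_EVENTS = [
    'ts=10:00:01 user=alice parent="C:\\Program Files\\Mozilla Firefox\\firefox.exe" image="C:\\Windows\\System32\\mshta.exe" cmdline="mshta.exe C:\\Users\\alice\\Downloads\\verify_discord.hta"',
    'ts=10:00:02 user=alice parent="C:\\Windows\\System32\\mshta.exe" image="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" cmdline="powershell.exe -w hidden -enc QQBB"',
    'ts=10:05:00 user=bob parent="C:\\Windows\\explorer.exe" image="C:\\Windows\\System32\\notepad.exe" cmdline="notepad.exe C:\\Users\\bob\\notes.txt"',
    'ts=10:06:00 user=svc parent="C:\\Windows\\System32\\services.exe" image="C:\\Windows\\System32\\mshta.exe" cmdline="mshta.exe C:\\ProgramData\\Vendor\\console.hta"',
]

BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "opera.exe"}
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "rundll32.exe", "regsvr32.exe"}
# Locations where a browser download or dropper lands; a deployed, legitimate HTA rarely lives here.
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\(downloads|appdata)\\|\\temp\\", re.IGNORECASE)
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_event(line):
    """Turn one key="value" line into a dict; unquoted values are accepted too."""
    return {k: (q or u) for k, q, u in FIELD.findall(line)}

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def classify(ev):
    """Return the reasons an event looks like the fake-verification HTA chain (empty if none)."""
    image, parent, cmd = basename(ev.get("image", "")), basename(ev.get("parent", "")), ev.get("cmdline", "")
    reasons = []
    if image == "mshta.exe":
        if parent in BROWSERS:
            reasons.append("mshta.exe spawned directly by a browser")
        if ".hta" in cmd.lower() and USER_WRITABLE.search(cmd):
            reasons.append("HTA executed from a user-writable download/temp path")
    if parent == "mshta.exe" and image in INTERPRETERS:
        reasons.append(f"mshta.exe spawned {image}")
    return reasons

def scan(lines):
    """Return (ts, user, reasons) for every event that matched at least one rule."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        reasons = classify(ev)
        if reasons:
            hits.append((ev.get("ts"), ev.get("user"), reasons))
    return hits

if __name__ == "__main__":
    for ts, user, reasons in scan(SAMPLE_EVENTS):
        print(ts, user, "; ".join(reasons))
```

The fourth event, an HTA started by a service from a vendor directory, is deliberately left unflagged: mshta.exe alone is not a signal, and it is the browser parent, the download location, and the follow-on interpreter that separate this campaign's chain from routine use.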