Phishing Campaign Impersonates Interpol to Deliver Ransomware

KnowBe4 Team | Jul 9, 2026

A phishing campaign is targeting small businesses across Europe, Asia, the Middle East, and the United States with emails that impersonate Interpol’s cybercrime investigation unit, researchers at Bitdefender report.

“Recipients are told that investigators have obtained information and video material related to their organization and are encouraged to review the evidence as soon as possible,” Bitdefender says. “The message is carefully crafted to create anxiety. Nobody wants to receive an email suggesting their company may be involved in suspicious or fraudulent activity or under investigation. To review the alleged evidence, recipients are directed to a Proton Drive link containing a password-protected archive. The password is conveniently included in the email itself. Once opened, the archive appears to contain a video file documenting the supposed activities under investigation. Instead, the victim is greeted with malware.”

Once installed, the malware deploys ransomware on available drives and tells the victim to contact the attackers to pay a ransom.

“One of the biggest red flags in this campaign is the delivery method itself,” the researchers write. “While the attackers impersonate Interpol, legitimate law enforcement agencies don't send unsolicited emails containing Proton Drive links to password-protected files and ask organizations to review alleged evidence of wrongdoing. If you receive a message like this, resist the urge to investigate on your own. Instead, verify the communication through official channels before opening any attachments or downloading files.”

The researchers note that small businesses are often particularly vulnerable to these types of attacks.

“Small businesses are often viewed as easier targets than large enterprises,” Bitdefender says. “Many operate without dedicated IT teams or cybersecurity staff. Security responsibilities are often shared among employees who already wear multiple hats, and limited budgets can make it difficult to invest in advanced security measures or ongoing training. When an alarming email arrives claiming to involve investigators, compliance issues, or evidence of misconduct, there may be no formal process for verifying the claims before someone clicks. Attackers understand this reality and design campaigns specifically to exploit it.”

Bitdefender has the story: Fake Interpol investigation emails target small businesses with ransomware

 

See KnowBe4 Security Awareness Training in Action

See how you can efficiently safeguard your organization from sophisticated social engineering threats.

Request a Demo

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.