Dark Reading reports a ransomware campaign that leans on impersonating Interpol to pressure small businesses, using straightforward social engineering rather than sophisticated tooling. By dressing up their demands as communications from the international police organization, the attackers try to intimidate owners and staff who may lack dedicated security teams into believing they are in legal trouble and paying up. The campaign spans several regions, including the United States, Europe, and the Middle East. It is a reminder that authority-themed impersonation remains effective against smaller organizations, where a convincing-looking notice can short-circuit normal caution and verification.
A researcher at Israel Aerospace Industries published a proof-of-concept tool called GhostLock that uses a legitimate Windows API call to make files unreadable without encrypting anything. The technique abuses the dwShareMode parameter of CreateFileW - setting it to 0 grants the calling process exclusive access, so every other user or app trying to open the file gets a sharing violation. GhostLock automates this recursively across SMB shares from a standard domain user account, no elevation required. Researcher Kim Dvash frames it as a disruption attack, not destructive - data is not lost, but operational downtime can mirror a ransomware incident.