Ransomware Group Interlock Uses ClickFix, Infostealers Amid IBM-Backed Big Four Espionage and South African Cyber Extortion

In early 2025, the ransomware group Interlock has adapted its tactics by incorporating the ClickFix social-engineering technique and using infostealers to enhance its cyberattacks, according to cybersecurity firm Sekoia. Meanwhile, criminals are increasingly targeting toll gates with skimming devices to steal bank card information and conduct unauthorized transactions. IBM research indicates that cybercriminals are becoming more stealthy, favoring low-profile credential theft and infostealers that facilitate rapid access and monetization of sensitive data. Experts from Mandiant predict that the so-called Big Four nation-states will persist with espionage and cybercrime activities to advance their geopolitical objectives throughout 2025. In response to rising global cyberwarfare threats, countries are strengthening their digital defenses. The impact of cyber extortion is notably severe in South Africa, affecting businesses of all sizes, as highlighted by Ryan van de Coolwijk, Product Head at iTOO Special Risks.