Texas Tech University

Texas Tech University was one of the notable victims of the Interlock ransomware attack launched in September 2024. The attack involved the use of the FileFix technique, which is an evolution of the ClickFix attack. This method leveraged social engineering tactics to trick users into executing malicious PowerShell or JavaScript code. The attack led to the installation of a remote access trojan (RAT) on targeted systems, which gathered and exfiltrated system and network information. The attackers also demonstrated interactive activity, including Active Directory enumeration and checking for backups, indicating a significant level of compromise.

Source: https://www.bleepingcomputer.com/news/security/interlock-ransomware-adopts-filefix-method-to-deliver-malware/

TPRM report: https://scoringcyber.rankiteo.com/company/texas-tech-university-system

"id": "tex817071525",
"linkid": "texas-tech-university-system",
"type": "Ransomware",
"date": "7/2025",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Education',
                        'location': 'Texas, USA',
                        'name': 'Texas Tech University',
                        'type': 'Educational Institution'},
                       {'industry': 'Healthcare',
                        'location': 'USA',
                        'name': 'DaVita',
                        'type': 'Healthcare Provider'},
                       {'industry': 'Healthcare',
                        'location': 'USA',
                        'name': 'Kettering Health',
                        'type': 'Healthcare Provider'}],
 'attack_vector': ['KongTuke web injector', 'FileFix technique'],
 'data_breach': {'data_exfiltration': 'Yes',
                 'type_of_data_compromised': 'System and network information'},
 'date_detected': 'May 2024',
 'description': "Hackers have adopted the new technique called 'FileFix' in "
                'Interlock ransomware attacks to drop a remote access trojan '
                '(RAT) on targeted systems. Interlock ransomware operations '
                'have increased over the past months as the threat actor '
                "started using the KongTuke web injector (aka 'LandUpdate808') "
                'to deliver payloads through compromised websites.',
 'impact': {'data_compromised': 'System and network information'},
 'initial_access_broker': {'entry_point': 'KongTuke web injector'},
 'motivation': 'Financial gain and data exfiltration',
 'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'Interlock'},
 'references': [{'source': 'The DFIR Report'}],
 'threat_actor': 'Interlock Ransomware Group',
 'title': "Interlock Ransomware Attacks Utilize 'FileFix' Technique",
 'type': 'Ransomware'}