Global Cyber Pulse: 21 April, 2025

April 21, 2025 | Cybersecurity
By Ashwani Mishra, Editor-Technology, 63SATS Cybertech

India witnessed a surge in ransomware attacks, with over 243,000 attempts targeting businesses last year. Pilgrims planning the Kedarnath and Chaar Dhaam Yatra were duped by fake travel booking scams, prompting government alerts. In the U.S., a Chinese smishing kit targeted toll road users in eight states, impersonating E-ZPass systems. Grocery giant Ahold Delhaize USA confirmed a data breach affecting internal systems linked to its 2024 cyber incident. Meanwhile, the Interlock ransomware gang used deceptive IT tool scams (ClickFix) to deploy malware, signalling the rising use of social engineering tactics.

India Faces a Surge in Ransomware Attacks

Ransomware attacks surged across India in 2024, with businesses encountering an average of 665 daily incidents, according to Kaspersky. The security firm blocked over 243,000 ransomware attempts between January and December. A dominant strain, Trojan-Ransom.Win32.Wanna.m, locked users out of their systems or corrupted files, demanding payment to restore access. Both corporations and individuals were targeted in this ongoing cyber threat.

These attacks typically deliver a ransom note with payment instructions, promising decryption keys once payment is received. As attackers grow bolder, the rise in frequency and sophistication points to a need for stronger defenses and proactive cyber resilience strategies.

Cyber Scammers Target Religious Pilgrims in India

India’s Cyber Crime Coordination Centre (I4C) has warned of a spike in online booking scams preying on pilgrims planning visits to Kedarnath and Chaar Dhaam. Fraudsters are setting up fake websites, social media ads, and WhatsApp accounts offering fraudulent deals for helicopter rides, hotel stays, and travel packages. These deceptive schemes promise easy bookings but leave victims defrauded. The Ministry of Home Affairs has issued alerts urging travelers to verify sources before transacting. The scams are growing in sophistication, combining social engineering with well-crafted portals to exploit faith-based tourism during the Yatra season.

Chinese Smishing Kit Behind Toll Road Phishing Blitz in U.S.

A smishing campaign using a toolkit by Chinese actor Wang Duo Yu is targeting U.S. toll road users across eight states, mimicking E-ZPass and other toll systems. Victims receive SMS or iMessage alerts claiming unpaid tolls, prompting them to click a malicious link.

Researchers at Cisco Talos report the fraud is financially motivated and traceable to Lighthouse, a Telegram-based phishing service. Notably, users are tricked into replying “Y” to activate malicious links, bypassing default iMessage protections. With ongoing activity since October 2024, states including Texas, Virginia, and Florida remain in the crosshairs of this sophisticated toll fraud operation.

Ahold Delhaize USA Confirms Data Breach Impacting Grocery Chains

Ahold Delhaize USA, which owns grocery brands like Food Lion, Stop & Shop, and Hannaford, has confirmed data theft linked to a 2024 cybersecurity incident. In an April 2025 update, the company disclosed that files from internal systems were accessed by attackers during a previous breach.

This admission follows disruptions to online shopping and website outages reported in November 2024. With over 2,000 stores nationwide, the company is assessing the full impact while continuing its investigation. The breach underscores growing threats to retail supply chains and the need for tighter safeguards in operational and backend systems.

Interlock Ransomware Gang Exploits IT Trust with ClickFix Scams

The Interlock ransomware group is deploying a social engineering scheme called ClickFix, which lures victims into executing malicious PowerShell commands under the guise of IT fixes. These attacks result in file-encrypting malware infiltrating corporate networks. Initially detected in late 2024, Interlock has targeted both FreeBSD and Windows systems.

Unlike ransomware-as-a-service models, Interlock operates independently and maintains a dark web leak site to pressure victims for payment, demanding sums ranging from thousands to millions. The gang’s evolving tactics highlight how threat actors increasingly disguise malware as helpful tools to breach defenses through deception rather than brute force.