The Velvet Tempest group is deploying Termite ransomware through ClickFix social engineering techniques and legitimate Windows utilities. The attacks use DonutLoader malware and CastleRAT backdoor for persistence.