#StopRansomware: Interlock


Since September 2024, Interlock ransomware actors have impacted a wide range of businesses and critical infrastructure sectors in North America and Europe.

These actors are opportunistic and financially motivated in nature and employ tactics to infiltrate and disrupt the victim’s ability to provide their essential services. Interlock actors leverage a double extortion model, in which they both encrypt and exfiltrate victim data. Ransom notes do not include an initial ransom demand or payment instructions; instead, victims are provided with a unique code and are instructed to contact the ransomware group via a .onion URL through the Tor browser. To date, Interlock actors have been observed encrypting VMs, leaving hosts, workstations, and physical servers unaffected; however, this does not mean they will not expand to these systems in the future.

Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Hacker claims to have hacked the FBI, but it wasn’t

    January 5, 2017

    A hacker yesterday claimed to have hacked the FBI’s website running on Plone CMS, but it seems it wasn’t hacked using any zero-day vulnerability in Plone. We contacted Plone security team and updated this story (see below) with official statements.A hacker, using Twitter handle CyberZeist, has claimed to have hacked the FBI’s website (fbi.gov) and ...

  • 11 Gigabytes of Sensitive Data Belonging to US DoD Staff Exposed

    January 5, 2017

    Personal details of doctors who are deployed in the United States Special Operations Command (USSOCOM or SOCOM) have been exposed due to a security vulnerability discovered in a server operated by health services contractor Potomac Healthcare Solutions. MacKeeper Security Researcher Chris Vickery discovered in late December that Potomac, which provides healthcare workers to the government through ...