FBI urges users to beware worrying Interlock ransomware attacks

  • FBI, CISA, HHS, and MS-ISAC issue a joint statement on Interlock
  • They described the group’s MO and usual tactics
  • The advisory details mitigation techniques, too

The Federal Bureau of Investigation (FBI) is urging organizations to beware of ransomware attacks from the increasingly notorious Interlock ransomware group.


Rich tech stack

Describing Interlock’s methodology, the agencies said they usually gain initial access through drive-by downloads from compromised websites, fake browser and security updates, or ClickFix tactics.

Once initial access is established, the crooks drop a range of tools, each granting a different capability: PowerShell-based remote access trojans (RATs) for persistent access; infostealers such as Lumma Stealer and Berserk Stealer, plus keyloggers, for credential theft; registry key modifications for system information gathering; AnyDesk, PuTTY, or ScreenConnect for lateral movement; and Cobalt Strike, SystemBC, and others for command-and-control.

Interlock has developed encryptors for both Windows and Linux, the agencies further explained, with encrypted files receiving either a .interlock or a .1nt3rlock extension. The group makes no upfront demand: its ransom note contains only a Tor link for negotiations, which are usually capped at 96 hours.
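The two file extensions above are the one concrete, host-observable indicator the advisory gives, so a defender's first question is how to turn them into an alert without paging on a single stray file. The following detection logic is an added example written for this page, not code from the advisory or from any of the agencies; it runs over a handful of constructed file-creation events in a hypothetical `timestamp host= action= path=` log format (the format, hostnames and paths are assumptions) and flags a host only when several files with an Interlock extension appear within a short window, which is what a bulk encryption run looks like.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Extensions the joint advisory attributes to Interlock's Windows and Linux encryptors.
INTERLOCK_EXTENSIONS = (".interlock", ".1nt3rlock")

# Constructed sample file-creation events; the log format and hosts are assumptions,
# not real telemetry. fs01 shows a burst, ws22 a single stray file, ws17 nothing.
SAMPLE_EVENTS = [
    "2025-07-22T10:00:01Z host=fs01 action=create path=/srv/share/finance/q2.xlsx.interlock",
    "2025-07-22T10:00:02Z host=fs01 action=create path=/srv/share/finance/q3.xlsx.interlock",
    "2025-07-22T10:00:02Z host=fs01 action=create path=/srv/share/hr/payroll.docx.1nt3rlock",
    "2025-07-22T10:00:03Z host=fs01 action=create path=/srv/share/hr/contracts.pdf.interlock",
    "2025-07-22T10:00:04Z host=fs01 action=create path=/srv/share/hr/notes.txt.interlock",
    "2025-07-22T10:05:00Z host=ws17 action=create path=C:\\Users\\bob\\Desktop\\report.docx",
    "2025-07-22T11:30:00Z host=ws22 action=create path=C:\\Users\\amy\\sample.interlock",
]

EVENT_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) action=(?P<action>\S+) path=(?P<path>.+)$"
)


def parse_event(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    return {"ts": ts, "host": m.group("host"),
            "action": m.group("action"), "path": m.group("path")}


def has_interlock_extension(path):
    """Case-insensitive suffix check against the advisory's two extensions."""
    return path.lower().endswith(INTERLOCK_EXTENSIONS)


def find_encryption_bursts(lines, threshold=3, window=timedelta(seconds=60)):
    """Return {host: max_files_in_window} for every host that created at least
    `threshold` Interlock-extension files inside any sliding `window`.
    A lone matching file does not alert; a burst does."""
    per_host = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev and ev["action"] == "create" and has_interlock_extension(ev["path"]):
            per_host[ev["host"]].append(ev["ts"])

    alerts = {}
    for host, stamps in per_host.items():
        stamps.sort()
        start, best = 0, 0
        for end in range(len(stamps)):
            # Shrink the window from the left until it spans at most `window`.
            while stamps[end] - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts[host] = best
    return alerts


if __name__ == "__main__":
    for host, count in find_encryption_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: {count} Interlock-extension files created within 60s")
```

On the constructed sample only `fs01` is reported; `ws22` has one matching file and stays below the threshold. In production the extension match is cheap enough to evaluate on every file-create event, but the burst threshold is what keeps a copied-in sample or a renamed test file from paging the on-call engineer; a rapid burst on a file server is also the point at which isolating the host, rather than just alerting, is the right response.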

The FBI also said it spotted overlaps with another ransomware group, Rhysida, which could indicate the two are working together or simply sharing the same infrastructure.

To defend against Interlock, the FBI and its partner agencies recommend that businesses patch their systems and software, use DNS filtering and web application firewalls, enforce multi-factor authentication (MFA) and strong access controls wherever possible, segment their networks to limit spread, and deploy robust endpoint detection and response (EDR) tools, including on virtual machines.
