Ransomware Roundup - Interlock
Dec. 3, 2024, 4:50 p.m.
Description
The Interlock ransomware is a new variant targeting Microsoft Windows and FreeBSD systems. It encrypts files and demands ransom for decryption. The malware has both Windows and FreeBSD versions, using AES-CBC encryption and adding a '.interlock' extension to encrypted files. It excludes certain files and directories from encryption. The ransomware's data leak site lists victims primarily in the United States and Italy, affecting sectors such as education, finance, government, healthcare, and manufacturing. The infection vector is unknown, but a backdoor was found on a victim's machine. The ransomware's TOR site includes sections for home, about, data leak, and help. FortiGuard Labs provides detection and protection against Interlock through various security solutions.
Date
Published: Dec. 3, 2024, 4:17 p.m.
Created: Dec. 3, 2024, 4:17 p.m.
Modified: Dec. 3, 2024, 4:50 p.m.
Indicators
Attack Patterns
Interlock
T1491.001
T1053.005
T1490
T1012
T1489
T1486
T1070
T1082
T1083
T1027
T1485
Additional Information
Healthcare
Education
Finance
Government
Manufacturing
British Indian Ocean Territory
India
Italy
Peru
Japan
Germany
United States of America