Ransomware Roundup - Interlock

Dec. 3, 2024, 4:50 p.m.

Description

The Interlock ransomware is a new variant targeting Microsoft Windows and FreeBSD systems. It encrypts files and demands ransom for decryption. The malware has both Windows and FreeBSD versions, using AES-CBC encryption and adding a '.interlock' extension to encrypted files. It excludes certain files and directories from encryption. The ransomware's data leak site lists victims primarily in the United States and Italy, affecting sectors such as education, finance, government, healthcare, and manufacturing. The infection vector is unknown, but a backdoor was found on a victim's machine. The ransomware's TOR site includes sections for home, about, data leak, and help. FortiGuard Labs provides detection and protection against Interlock through various security solutions.

Date

  • Created: Dec. 3, 2024, 4:17 p.m.
  • Published: Dec. 3, 2024, 4:17 p.m.
  • Modified: Dec. 3, 2024, 4:50 p.m.

Indicators


Attack Patterns

  • Interlock
  • T1491.001
  • T1053.005
  • T1490
  • T1012
  • T1489
  • T1486
  • T1070
  • T1082
  • T1083
  • T1027
  • T1485

Additional Information

  • Healthcare
  • Education
  • Finance
  • Government
  • Manufacturing
  • British Indian Ocean Territory
  • India
  • Italy
  • Peru
  • Japan
  • Germany
  • United States of America