Ransomware Roundup - Interlock

Dec. 3, 2024, 4:50 p.m.

Description

The Interlock ransomware is a new variant targeting Microsoft Windows and FreeBSD systems. It encrypts files and demands ransom for decryption. The malware has both Windows and FreeBSD versions, using AES-CBC encryption and adding a '.interlock' extension to encrypted files. It excludes certain files and directories from encryption. The ransomware's data leak site lists victims primarily in the United States and Italy, affecting sectors such as education, finance, government, healthcare, and manufacturing. The infection vector is unknown, but a backdoor was found on a victim's machine. The ransomware's TOR site includes sections for home, about, data leak, and help. FortiGuard Labs provides detection and protection against Interlock through various security solutions.

Date

Published: Dec. 3, 2024, 4:17 p.m.

Created: Dec. 3, 2024, 4:17 p.m.

Modified: Dec. 3, 2024, 4:50 p.m.

Indicators

Attack Patterns

Interlock

T1491.001

T1053.005

T1490

T1012

T1489

T1486

T1070

T1082

T1083

T1027

T1485

Additional Information

Healthcare

Education

Finance

Government

Manufacturing

British Indian Ocean Territory

India

Italy

Peru

Japan

Germany

United States of America