Unwrapping the emerging Interlock ransomware attack

Nov. 7, 2024, 9:07 p.m.

Description

A new ransomware group called Interlock has emerged, targeting various sectors with big-game hunting and double extortion attacks. The group uses a sophisticated delivery chain including a RAT disguised as a browser updater, PowerShell scripts, credential stealers, and keyloggers. They primarily move laterally through RDP and exfiltrate data using Azure Storage Explorer. The Interlock ransomware encrypts files with the .Interlock extension and drops ransom notes. The attackers claim to exploit unaddressed vulnerabilities and justify their actions as holding companies accountable for poor cybersecurity. Analysis suggests possible links to the Rhysida ransomware group based on similarities in tactics and code. The attack timeline indicates a dwell time of about 17 days in the victim's environment.

Date

Published: Nov. 7, 2024, 4:41 p.m.

Created: Nov. 7, 2024, 4:41 p.m.

Modified: Nov. 7, 2024, 9:07 p.m.

Indicators

2mail.co

apple-online.shop

Attack Patterns

Interlock

Rhysida

T1021.002

T1003.001

T1021.001

T1070.001

T1053.005

T1490

T1059.001

T1547.001

T1056.001

T1555

T1070.004

T1489

T1486

T1082

T1570

Additional Information

Technology

Healthcare

Government

Manufacturing

Virgin Islands, U.S.