
The Interlock ransomware is being used to target critical infrastructure and businesses across North America and Europe, the FBI and other federal agencies warned Tuesday.
Federal officials said the group emerged in late September 2024 and has used uncommon methods of obtaining initial access to devices, such as so-called drive-by downloads, in which hackers use a compromised website or malicious link to make malware automatically download onto a victim's computer without their knowledge.
In some cases, Interlock ransomware actors have disguised malicious payloads as fake Google Chrome or Microsoft Edge browser updates.
The hackers have also been seen using ClickFix social engineering tactics for initial access, a popular trick in which attackers convince victims to install something under the guise of fixing an issue.
The group caused alarm this year with harmful attacks that shut down the dialysis treatment company DaVita and one of the largest healthcare systems in Ohio. The Department of Health and Human Services assisted the FBI with the advisory alongside the Cybersecurity and Infrastructure Security Agency (CISA) and industry group MS-ISAC.
Despite its high-profile healthcare attacks, the FBI said the group targets victims based simply on opportunity.
Interlock actors have developed encryptors for both Windows and Linux operating systems. Ransom notes from the group don't include ransom demands or payment instructions, and only offer explanations for how to contact the threat actors. Ransom payments are demanded in Bitcoin.
The advisory notes that analysts have identified potential links between Interlock and Rhysida, another ransomware operation known for its attacks on governments around the world.
Federal investigators said cybersecurity firms have seen Interlock using information stealers like Lumma Stealer and Berserk Stealer to harvest credentials, allowing them to move throughout an organization and escalate their access.
The FBI is increasingly releasing advisories on specific ransomware strains in an effort to help victims deal with threat actors currently launching attacks.
Federal law enforcement agencies have been able to use incident response engagement to file legal action and even develop decryptors. On Friday, the FBI touted an announcement from Japanese officials about a decryptor for the Phobos ransomware.