

Ethical Hacking News

CISA and FBI Warn of Escalating Interlock Ransomware Attacks: A Growing Threat to Businesses and Critical Infrastructure


Interlock ransomware is a growing threat that targets businesses and critical infrastructure organizations through double extortion attacks. To defend against this threat, organizations must take proactive measures to protect their networks and systems from these novel tactics.

  • Interlock ransomware attacks are an escalating threat that relies on a double extortion method.
  • The group has already breached high-profile targets like DaVita and Kettering Health, resulting in large data theft and leaks.
  • Initial access is via drive-by download from compromised legitimate websites, a unique approach for ransomware groups.
  • Interlock actors use the FileFix technique to trick users into executing malicious code without displaying security warnings.
  • To defend against Interlock attacks, organizations should implement DNS filtering, web access firewalls, and educate users about social engineering attempts.



    A recent joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warns of an escalating threat posed by Interlock ransomware attacks. These double extortion attacks, which have gained significant attention in recent months, are being carried out by a relatively new ransomware operation that emerged in September 2024.

    The Interlock gang, as it has come to be known, has already made a name for itself by breaching several high-profile targets, including DaVita, a Fortune 500 company specializing in kidney care, and Kettering Health, a healthcare giant that operates over 120 outpatient facilities and employs more than 15,000 people. The group's attacks have resulted in the theft and leak of large amounts of data from these organizations, highlighting the severity of this threat.

    According to the advisory issued by CISA and the FBI, Interlock ransomware actors are employing a unique method of initial access via drive-by download from compromised legitimate websites. This approach is uncommon among ransomware groups, which typically rely on more traditional methods such as phishing or exploiting vulnerabilities in software applications. The FBI has also observed that Interlock actors are using a double extortion model, where they encrypt systems after exfiltrating data, thereby increasing pressure on victims to pay the ransom to both get their data decrypted and prevent it from being leaked.

    Furthermore, the FBI has noted that Interlock actors have adopted a new technique called FileFix, which involves weaponizing trusted Windows UI elements, including the Windows File Explorer and HTML Applications (.HTA), to trick targets into executing malicious PowerShell or JavaScript code without displaying any security warnings. This social engineering attack highlights the importance of educating users about the latest tactics employed by ransomware actors.

    To defend against Interlock ransomware attacks, CISA and the FBI recommend several measures, including implementing Domain Name System (DNS) filtering, web access firewalls, and training users to recognize social engineering attempts. It is also essential for organizations to keep their systems, software, and firmware up to date and to segment networks to limit access from compromised devices.

    Additionally, establishing identity, credential, and access management (ICAM) policies and requiring multifactor authentication (MFA) for all services when possible can help mitigate the risk of Interlock ransomware attacks. By taking these precautions, organizations can significantly reduce their vulnerability to this growing threat.

    In conclusion, the Interlock ransomware gang is a significant threat to businesses and critical infrastructure organizations. Their use of novel tactics such as drive-by downloads and social engineering attacks highlights the need for vigilance and proactive measures to prevent and respond to these types of incidents. By staying informed about emerging threats like Interlock and taking steps to protect their networks, organizations can minimize the risk of disruption and data loss.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/CISA-and-FBI-Warn-of-Escalating-Interlock-Ransomware-Attacks-A-Growing-Threat-to-Businesses-and-Critical-Infrastructure-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/cisa-and-fbi-warn-of-escalating-interlock-ransomware-attacks/


  • Published: Tue Jul 22 15:08:40 2025 by llama3.2 3B Q4_K_M












