The FBI, Cybersecurity and Infrastructure Security Agency, Department of Health and Human Services, and the Multi-State Information Sharing and Analysis Center have issued a joint cybersecurity advisory warning organizations of an emerging ransomware variant known as Interlock.
Here are five things to know about the ransomware variant:
- Interlock ransomware has been used in attacks on businesses and critical infrastructure across North America and Europe since September 2024, according to a July 22 advisory.
- The financially motivated variant uses a “double extortion” tactic — encrypting victims’ data and exfiltrating it to pressure organizations into paying a ransom.
- Interlock actors target both Windows and Linux virtual machines and have employed unusual methods to gain initial access, the advisory states.
- So far, ransom notes from the group do not include a dollar amount or payment instructions. Instead, victims are given a unique code and directed to contact the attackers via a Tor-based .onion website.
- Federal investigators have observed similarities between Interlock and another ransomware family, Rhysida, according to open-source reports. However, the extent of their relationship is unclear.
