The FBI, Cybersecurity and Infrastructure Security Agency, Department of Health and Human Services, and the Multi-State Information Sharing and Analysis Center have issued a joint cybersecurity advisory warning organizations of an emerging ransomware variant known as Interlock.
Here are five things to know about the ransomware variant:
- Interlock ransomware has been used in attacks on businesses and critical infrastructure across North America and Europe since September 2024, according to a July 22 advisory.
- The financially motivated variant uses a “double extortion” tactic — encrypting victims’ data and exfiltrating it to pressure organizations into paying a ransom.
- Interlock actors target both Windows and Linux virtual machines and have employed unusual methods to gain initial access, the advisory states.
- So far, ransom notes from the group do not include a dollar amount or payment instructions. Instead, victims are given a unique code and directed to contact the attackers via a Tor-based .onion website.
- Federal investigators have observed similarities between Interlock and another ransomware family, Rhysida, according to open-source reports. However, the extent of their relationship is unclear.
At the Becker's 11th Annual IT + Revenue Cycle Conference: The Future of AI & Digital Health, taking place September 14–17 in Chicago, healthcare executives and digital leaders from across the country will come together to explore how AI, interoperability, cybersecurity, and revenue cycle innovation are transforming care delivery, strengthening financial performance, and driving the next era of digital health. Apply for complimentary registration now.
