The Interlock ransomware gang has escalated its financially motivated attacks against businesses and critical infrastructure in North America and Europe. CISA indicates that the group selects victims based on opportunity and has been using unique methods like drive-by downloads for initial access. The group employs a double extortion model, exfiltrating data before encrypting systems, and has targeted companies such as Kettering Health and DaVita. To date, it has conducted 16 confirmed attacks, with a total of 33 incidents reported since last October. Interlock's tactical diversity allows it to effectively infiltrate networks and maximize impact.
The Interlock ransomware gang targets businesses and critical infrastructure in North America and Europe, utilizing diverse tactics for initial access, including social engineering and drive-by downloads.
Interlock employs a double extortion model, exfiltrating data before encrypting systems to exert increased pressure on its victims, leading to significant disruptions.
The group's tactical diversity includes impersonating IT tools, deploying remote access trojans, and using methods for discovery and lateral movement on networks.
Recent attacks include those on Kettering Health, DaVita, and West Lothian Council, with 16 confirmed attacks and an additional 17 unconfirmed attacks reported since last October.