What is interlocking ransomware?
Interlock is a relatively new strain of ransomware that first emerged in the end of 2024. Unlike many other ransomware families, it targets not only Windows PCs, but also systems running FreeBSD.
If affected, you will find that your file is not only encrypted, but also has a “.interlock” attached. For example, a file named report.xlsx will become report.xlsx.interlock, which clearly indicates that it has been encrypted by Interlock.
Let me guess – does it ask you to pay for decryption?
How do you know? Yes, cyber attacks are so normal nowadays, malicious hackers will leave ransomware instructions on your system – telling you that you need to pay a ransom for the decryption key, which will unlock the encrypted file and prevent the file from being published on the dark web.
Do I need to take the threat seriously?
You are wise to take any ransomware threat seriously. Interlock’s leaked website on Dark Web has stolen data from many organizations.
How did the company get hit by Interlock in the first place?
Already seen distributions through fake updates through fake browsers such as Google Chrome and Microsoft Edge, downloadable from compromised legal websites.
These updated fake installers run PowerShell backdoors and ultimately lead to the delivery of ransomware.
What makes interlocking unique?
In addition to its ability to attack FreeBSD systems, Interlock was observed using ClickFix social engineering technology.
Click on fix? What is that?
This is a social engineering strategy used by malicious hackers to trick users into bringing malicious commands into their computers. The end result is usually the installation of malware, granting remote access to cybercriminals, or a complete system compromise.
For example, a fake error page in the verification code dialog might tell you to validate yourself by a specific sequence of keys or “solve” the problem. Follow the instructions to actually send malicious commands from the clipboard to your computer and will eventually run malicious code on your PC.
In October last year, the U.S. government warned Internet users to be alert to the ClickFix threat and gave examples of imitating websites such as Google, Facebook, Recaptcha, etc.
Every day, thousands of people fall from click scams, so helping their computers get infected.
Damn. How does ransomware resemble the internet justify their activities?
As far as Interlock is concerned, they think they are trying to improve cybersecurity.
We not only have to pay; we want accountability. Our actions send messages to those hiding behind weak defenses and half measures: Your data is only as safe as your efforts to protect it. If you do not take data security seriously, we will be on your behalf. Note or pay the price. In this digital age, there is no excuse for complacency. When companies ignore cybersecurity, we not only use ransom to pay, but they don’t forget when they are in class. We are here to implement standards they failed to stick to.
Does this justify what they do?
No, of course not. It is worth noting that hospitals and healthcare organizations have always been one of the targets of ransomware, which seems particularly indifferent.
So how does my company protect itself from interlocking?
The best advice is to follow the same advice on how to protect your organization from any other type of ransomware. These include:
- Perform a secure off-site backup.
- Run the latest security solutions and make sure your computer is protected by the latest security patches to prevent vulnerabilities.
- Use unique passwords that are difficult to crack to protect sensitive data and accounts and enable multi-factor authentication.
- Encrypt sensitive data as much as possible.
- Reduce attack surfaces by disabling features that companies don’t need.
- Educate and inform employees about the risks and methods of cybercriminals launching attacks and stealing data.
Stay safe.
Editor’s note: The opinions expressed in this article and other guest authors’ articles are only the opinions of the contributor and do not necessarily reflect Ford’s opinions.
