Summary:
The Ransomware Roundup report by FortiGuard Labs highlights the emergence of the Interlock ransomware, which targets Microsoft Windows and FreeBSD systems. This variant encrypts files and demands ransom for decryption, posing a high severity threat. The report discusses its infection vector, attack methods, and the sectors affected, while also providing insights into Fortinet’s protective measures against such threats.
#InterlockRansomware #RansomwareThreats #FortinetSolutions
The Ransomware Roundup report by FortiGuard Labs highlights the emergence of the Interlock ransomware, which targets Microsoft Windows and FreeBSD systems. This variant encrypts files and demands ransom for decryption, posing a high severity threat. The report discusses its infection vector, attack methods, and the sectors affected, while also providing insights into Fortinet’s protective measures against such threats.
#InterlockRansomware #RansomwareThreats #FortinetSolutions
Keypoints:
Interlock ransomware targets Microsoft Windows and FreeBSD users.
It encrypts files and demands ransom for decryption.
First identified in early October 2024, possibly emerging earlier.
Initial infection vector remains unidentified; a backdoor was found on a victim’s machine.
Windows version supports various Windows operating systems and encrypts files with a “.interlock” extension.
Excludes certain file types and directories from encryption.
Creates a scheduled task named “TaskSystem” for persistent execution.
FreeBSD version uses AES-CBC encryption and has similar operational parameters.
Victims span multiple sectors including education, finance, government, healthcare, and manufacturing.
Data leak site operates on TOR, listing victims and stolen files.
Fortinet solutions effectively detect and block Interlock ransomware variants.
Recommendations include keeping AV and IPS signatures updated and training users to recognize phishing threats.
MITRE Techniques
Execution (T1203): Exploits vulnerabilities in software to execute the ransomware.
Persistence (T1053): Creates a scheduled task to maintain persistence on the victim’s machine.
Data Encrypted for Impact (T1486): Encrypts files to demand ransom from victims.
Command and Control (T1071): Utilizes backdoor for potential command and control communication.
IoC:
[File Hash] a26f0a2da63a838161a7d335aaa5e4b314a232acc15dcabdb6f6dbec63cda642 – Interlock ransomware (Windows version)
[File Hash] 28c3c50d115d2b8ffc7ba0a8de9572fbe307907aaae3a486aabd8c0266e9426 – Interlock ransomware (FreeBSD version)
[File Hash] e86bb8361c436be94b0901e5b39db9b6666134f23cce1e5581421c2981405cb1 – Interlock ransomware
[File Hash] f00a7652ad70ddb6871eeef5ece097e2cf68f3d9a6b7acfbffd33f82558ab50e – Interlock ransomware
[File Hash] e9ff4d40aeec2ff9d2886c7e7aea7634d8997a14ca3740645fd3101808cc187b – Backdoor malware
[File Hash] 7d750012afc9f680615fe3a23505f13ab738beef50cd92ebc864755af0775193 – Backdoor malware
[File Hash] 6933141fbdcdcaa9e92d6586dd549ac1cb21583ba9a27aa23cf133ecfdf36ddf – Backdoor malware
Full Research: https://feeds.fortinet.com/~/908607899/0/fortinet/blog/threat-research~Ransomware-Roundup-Interlock