Unwrapping the emerging Interlock ransomware attack

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :

A new ransomware group called Interlock has emerged, targeting various sectors with big-game hunting and double extortion attacks. The group uses a sophisticated delivery chain that includes a RAT disguised as a browser updater, PowerShell scripts, credential stealers, and keyloggers. The attackers primarily move laterally through RDP and exfiltrate data using Azure Storage Explorer. The Interlock ransomware encrypts files, giving them the .Interlock extension, and drops ransom notes. The attackers claim to exploit unaddressed vulnerabilities and justify their actions as holding companies accountable for poor cybersecurity. Analysis suggests possible links to the Rhysida ransomware group, based on similarities in tactics and code. The attack timeline indicates a dwell time of about 17 days in the victim's environment.

OPENCTI LABELS :

rat,keylogger,ransomware,rdp,azure,double-extortion,rhysida,interlock,credential-stealer


Open in the NetmanageIT OpenCTI public instance with the link below.

NOTE : Use the public read-only username and password given in the login page banner.


Unwrapping the emerging Interlock ransomware attack