Interlock Attacks FreeBSD: New Ransomware Breaks Server Security

Man

Attackers strike at the heart of critical infrastructure.

A new group, Interlock, has appeared on the horizon of cyberspace with ransomware that targets FreeBSD servers. Launched at the end of September 2024, the campaign has already claimed attacks on six companies and published their stolen data after they refused to pay the ransom.

Among the victims was Wayne County, Michigan, which was attacked in early October. The first traces of Interlock came to light through an incident responder using the pseudonym Simo, who discovered an unusual backdoor during an investigation in October.

MalwareHunterTeam soon identified a sample of the Linux ELF ransomware that turned out to be intended for FreeBSD. Analysis showed that the ransomware was built for FreeBSD 10.4. However, it could not be run when tested on a virtual machine.

Previously, only groups like Hive had created ransomware for FreeBSD, and Hive's infrastructure was dismantled by the FBI in 2023. Last week, Trend Micro announced that it had discovered another encryptor for FreeBSD and a sample for Windows. According to Trend Micro, FreeBSD is popular in critical infrastructure, which makes it an attractive target for attackers seeking to disrupt organizations and force them to pay a ransom.

Interestingly, Interlock also extends its activities to Windows, where the ransomware deletes system logs and adds the '.interlock' extension to all encrypted files.


An extortion note is created in each folder that explains what happened to the data and offers a link to a Tor site for negotiation.


To put pressure on victims, Interlock uses a double-extortion technique — stealing data and threatening to leak it if payment is refused. The size of the ransom can range from hundreds of thousands to millions of dollars, depending on the scale of the organization.
