Interlock (ransomware virus)

Chronicle

2024: The emergence of the virus

In early November 2024, it became known that the cybercriminal group Interlock developed the first ransomware virus to attack computers running FreeBSD, a free operating system of the Unix family . The FreeBSD platform is common on critical infrastructure servers, making it an attractive target for attackers.

After penetrating the system with FreeBSD, the Interlock malware encrypts files using the AES-CBC algorithm, changing their extension to.interlock. The ransomware virus then creates a text document containing the ransom demands. Certain folders are excluded from the encryption process.

𝓲

Freepik

As of the end of November 2024, six organizations attacked by the new malware are known. The victims were institutions in the sectors of education, finance, public administration, health and production. Five of the attacked enterprises are in the United States, another in Italy. For example, among the victims was Wayne County in the US state of Michigan, which was attacked in early October 2024.

Since FreeBSD is widely used on servers in critical information infrastructures, the Interlock malware can disrupt vital services. At the same time, attackers can demand huge buyouts, "said Trend Micro, a cybersecurity product company.

When conducting attacks, Interlock hackers hack into the corporate network and steal data from servers, while injecting malware into various devices. After that, attackers use ransomware to encrypt all files on the network. The stolen data is being used as part of a double extortion attack, with cybercriminals threatening to publicly release the information if the ransom is not paid.^[1]

Notes