The FBI and CISA have issued warnings about increased activity of the Interlock ransomware gang, targeting healthcare and critical infrastructure with double extortion tactics. The group has employed advanced techniques like drive-by downloads and the new FileFix method to deploy malware and exfiltrate data. #InterlockRansomware #DoubleExtortion #HealthcareCyberattack
Keypoints
- Interlock ransomware emerged in September 2024 and primarily targets healthcare organizations worldwide.
- The threat group has used drive-by downloads and social engineering tactics like FileFix to deliver malware.
- Recent attacks include breaches of DaVita and Kettering Health, resulting in significant data leaks and system outages.
- Defense measures recommended include DNS filtering, web firewalls, network segmentation, and multi-factor authentication.
- The group employs double extortion by encrypting systems and exfiltrating data to pressure victims into paying ransoms.