The FBI and CISA have issued a warning about the increasing threat of Interlock ransomware, which targets virtual machines across Windows and Linux systems. Its attack techniques involve social engineering, remote access tools, and credential theft, which underscores the need for robust cybersecurity measures.
Key points
- Interlock ransomware was first identified in September 2024, with at least 50 victims documented by Cyble researchers.
- The ransomware primarily targets virtual machines on Windows and Linux, with potential future expansion to other hosts and servers.
- Attack methods include fake browser updates and social engineering techniques like ClickFix, used to gain initial access.
- Cybercriminals use tools such as Cobalt Strike and Lumma Stealer, along with compromised RDP credentials, for lateral movement.
- Recommended defenses include network segmentation, multi-factor authentication, timely patching, and maintaining encrypted offline backups.
Read More: https://thecyberexpress.com/cisa-fbi-interlock-ransomware/