Category | Details |
---|---|
Threat Actors | Not specifically attributed; uses a previously unknown backdoor for deployment. |
Campaign Overview | Emerged in September 2024; encrypts files and demands ransom via notes left on infected systems. |
Target Regions (Victims) | Victims reported in the U.S., Italy, India, Japan, Germany, Peru, South Korea, Turkey. |
Methodology | Encrypts files using AES-CBC; adds a “.interlock” extension; excludes certain files and folders. |
Product Targeted | Microsoft Windows (Vista to Windows 10) and FreeBSD operating systems. |
Malware Reference | Interlock ransomware. |
Tools Used | Previously unknown backdoor; creates scheduled task named “TaskSystem” to run commands daily. |
Vulnerabilities Exploited | No specific vulnerabilities identified; infection vector remains unclear. |
TTPs | File encryption, ransom note delivery, and scheduled task creation for persistence. |
Attribution | No explicit attribution; suspected new actor/group operating globally. |
Recommendations | Deploy robust endpoint protection, update systems, monitor for unauthorized tasks, and back up data regularly. |
Source | Fortinet |
Read full article: https://www.fortinet.com/blog/threat-research/ransomware-roundup-interlock
Disclaimer: The above summary has been generated by an AI language model
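The two indicators named in the table, the "TaskSystem" scheduled task and the ".interlock" file extension, can be checked for directly. The sketch below is an added example, not code from Fortinet or from this page. It assumes English-locale `schtasks /query /fo csv /v` output, and the sample rows and the command path in them are constructed.

```python
import csv
import io

# Indicators taken from the summary table above.
TASK_NAME = "tasksystem"
RANSOM_EXT = ".interlock"

# Constructed sample of `schtasks /query /fo csv /v` output, trimmed to the
# columns used here. The command path is a placeholder, not a real IoC.
SAMPLE_CSV = r'''"HostName","TaskName","Task To Run","Run As User","Schedule Type"
"WS01","\Microsoft\Windows\Defrag\ScheduledDefrag","%windir%\system32\defrag.exe -c","SYSTEM","Weekly"
"HostName","TaskName","Task To Run","Run As User","Schedule Type"
"WS01","\TaskSystem","C:\Users\Public\placeholder.exe","SYSTEM","Daily "
'''


def find_suspect_tasks(csv_text):
    """Return task records whose leaf name matches the 'TaskSystem' indicator."""
    hits = []
    header = None
    for row in csv.reader(io.StringIO(csv_text)):
        if not row:
            continue
        if row[0] == "HostName":  # schtasks repeats the header for each task folder
            header = row
            continue
        if header is None:
            continue
        rec = dict(zip(header, row))
        # Compare only the leaf name so the task is found in any task folder.
        leaf = rec.get("TaskName", "").rsplit("\\", 1)[-1].strip().lower()
        if leaf == TASK_NAME:
            # The table says the task runs daily; record whether this one does.
            rec["daily"] = rec.get("Schedule Type", "").strip().lower() == "daily"
            hits.append(rec)
    return hits


def find_encrypted_files(paths):
    """Return paths carrying the '.interlock' extension (case-insensitive)."""
    return [p for p in paths if p.lower().endswith(RANSOM_EXT)]


if __name__ == "__main__":
    for task in find_suspect_tasks(SAMPLE_CSV):
        print(task["HostName"], task["TaskName"], task["Task To Run"],
              task["Run As User"], "daily" if task["daily"] else "not daily")
```

A name match alone is a lead rather than a verdict, so review the task's command and run-as account before acting on it.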