Connect with us

CISO Blog

Interlock: The New Kid on the Block (and It’s a Bad One)

Interlock: The New Kid on the Block (and It’s a Bad One)

Interlock, the newest kid on the ransomware block, is causing quite a stir. This sneaky little malware is targeting critical infrastructure, specifically FreeBSD servers. It’s like they’re going after the low-hanging fruit, but with a twist.

How does Interlock work its magic?

Virtual Machine Hijacking: Interlock targets VMware ESXi hypervisors, taking over virtual machines and encrypting their data. It’s like a digital heist, but instead of robbing a bank, they’re robbing your virtual servers.
Data Extortion: Not only do they encrypt your data, but they also steal it. It’s like a double whammy: pay the ransom or risk having your sensitive data leaked online.
So, how can you protect yourself from this nasty piece of malware?

Patch your systems: Keep your software and firmware up-to-date.
Implement strong access controls: Use multi-factor authentication and restrict access to critical systems.
Back up your data: Regularly back up your data and store it offline.
Use endpoint detection and response (EDR) solutions: These tools can help detect and respond to attacks.
Remember, cybersecurity is an ongoing battle. Don’t let your guard down. Stay vigilant, stay informed, and stay safe.

Published

on


Interlock, the newest kid on the ransomware block, is causing quite a stir. This sneaky little malware is targeting critical infrastructure, specifically FreeBSD servers. It's like they're going after the low-hanging fruit, but with a twist.

How does Interlock work its magic?

Remember, cybersecurity is an ongoing battle. Don't let your guard down. Stay vigilant, stay informed, and stay safe.
  • Virtual Machine Hijacking: Interlock targets VMware ESXi hypervisors, taking over virtual machines and encrypting their data. It's like a digital heist, but instead of robbing a bank, they're robbing your virtual servers.
  • Data Extortion: Not only do they encrypt your data, but they also steal it. It's like a double whammy: pay the ransom or risk having your sensitive data leaked online.
So, how can you protect yourself from this nasty piece of malware?
  • Use endpoint detection and response (EDR) solutions: These tools can help detect and respond to attacks.
  • Patch your systems: Keep your software and firmware up-to-date.
    Implement strong access controls: Use multi-factor authentication and restrict access to critical systems.
  • Back up your data: Regularly back up your data and store it offline.

Interlock Ransomware - Detailed report

Interlock is a relatively new ransomware operation first detected in late September 202412. The group behind Interlock has targeted organisations worldwide, with a particular focus on the healthcare sector.

Targeting and Attack Vectors

Interlock employs an unusual approach compared to other ransomware operations by specifically targeting FreeBSD servers, an operating system commonly used in critical infrastructure. This suggests that Interlock operators are seeking to disrupt vital services and potentially demand  higher ransoms due to the impact of their attacks.

Key attack vectors include:

  • Exploiting vulnerabilities within virtual environments.
  • Compromising VMware's ESXi hypervisors, which allows the attackers to gain control of virtual machines (VMs) without affecting physical servers and workstations.
  • Encrypting virtual disk files (VMDKs) and changing root passwords on ESXi hosts, making data recovery extremely difficult.

Ransomware Execution and Impact

Interlock has developed both Windows and FreeBSD encryptors69. The Windows version clears Windows event logs and can delete itself using a DLL10.

During an attack, Interlock performs the following actions:

  • Data exfiltration: Breaches the corporate network and steals data from servers before deploying the ransomware.
  • Lateral movement: Spreads to other devices on the network.
  • Encryption: Deploys the ransomware to encrypt all files on the network, appending the .interlock extension to encrypted filenames.
  • Ransom note: Creates a ransom note named !!.txt in each folder, containing instructions for contacting the attackers and making payment.
  • Double extortion: Uses stolen data as leverage, threatening to publicly leak it on their data leak site if the ransom is not paid.

Ransom demands range from hundreds of thousands to millions of dollars, depending on the victim organisation's size.

Command and Control

Interlock establishes command and control (C2) through a scheduled task over an anonymized network, using a reverse shell for communication78. This sophisticated approach helps the ransomware evade detection by traditional network monitoring tools.

Malware Analysis and Detection

Foresiet, a digital security firm, has analysed Interlock's processes and identified several components that facilitate its malicious activities:

  • Processes: Leverages common system processes like rundll32.exe to load malicious DLLs from temporary directories.
  • Signatures: Displays unusual network requests associated with processes like rundll32.exe, serving as an indicator of compromise (IoC).
  • Network activity: Communicates with a C2 server over HTTPS (TLS-encrypted), concealing its traffic within legitimate web traffic.
  • Detecting Interlock requires advanced signature-based methods. Foresiet recommends using YARA rules to identify specific ELF binaries based on their internal structure, string patterns, and file size.

MITRE ATT&CK Techniques

Interlock utilises various techniques mapped to the MITRE ATT&CK framework. Some notable examples include:

  • Resource hijacking: Compromises virtual environments to control and disrupt crucial system resources.
  • Impair defenses: Deletes local backups and modifies security settings to prevent recovery efforts.
  • Signed binary proxy execution: Employs rundll32.exe to execute malicious DLLs and maintain persistence.
  • Obfuscated files or information: Uses encryption and anonymized networks to hide its communications and actions.
  • Application layer protocol: Communicates with C2 servers over HTTPS, concealing its traffic within legitimate web traffic.

Prevention and Mitigation

Organisations can take the following steps to protect themselves from Interlock ransomware:

  • Patch management: Regularly update systems, particularly those running virtual environments, to address known vulnerabilities.
  • Access controls and MFA: Enforce multifactor authentication (MFA) and robust access controls to prevent unauthorised access.
  • Backup strategy: Ensure regular backups and store them offline to protect against encryption and deletion.
  • Endpoint detection & response (EDR): Deploy EDR solutions to monitor for suspicious activities like unusual process execution or network traffic.

By implementing a multi-layered security approach, organisations can significantly reduce their risk of falling victim to Interlock and other sophisticated ransomware threats.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

CISO Blog

The Importance of Digital Transformation in Today’s Business World

In today’s rapidly evolving business landscape, digital transformation has become a necessity, not just a trend. It is the integration of digital technologies into every aspect of a business, fundamentally changing how it operates and delivers value to customers. From evolving customer expectations to increased competition and the need for agility, digital transformation is essential for businesses to thrive. By leveraging data as a strategic asset, embracing technological advancements, and shifting to digital business models, organizations can gain a competitive edge, improve efficiency, and enhance customer experiences.  

However, successful digital transformation requires more than just technology adoption.

It involves a cultural shift, a skilled workforce, and a focus on cybersecurity and ethical data practices. By embracing digital transformation and addressing these key considerations, businesses can navigate the challenges of the digital age and position themselves for long-term success.  

Sources and related content

Published

on

Digital transformation is not just a trend but a necessity for businesses seeking to thrive in today's rapidly evolving landscape. It involves the integration of digital technologies into every aspect of a business, fundamentally changing how it operates and delivers value to customers.

Here's why digital transformation is crucial:

  1. Evolving Customer Expectations:

Customers are increasingly tech-savvy and demanding personalized experiences across all communication channels. Businesses must be faster in all phases of the customer journey, from interaction to delivery and re-engagement, to meet these expectations.

  1. Increased Competition and Disruption:

Competition is fierce, with new players, especially "insurtech" companies, leveraging technology to disrupt traditional models. These disruptors often offer easy-to-use digital products and target the inefficiencies of established businesses.

  1. The Need for Agility and Resilience:

Businesses must be agile and adaptable to cope with rapidly changing market dynamics and customer preferences. The COVID-19 pandemic highlighted the importance of digital transformation in providing resilience and fallback options for businesses.

  1. Data as a Strategic Asset:

Data is a valuable asset that can drive business decisions, improve customer experiences, and fuel innovation. Digital transformation enables organizations to effectively collect, manage, and analyze data to gain valuable insights.

  1. Technological Advancements:

Rapid technological advancements, such as AI, machine learning, blockchain, and the Internet of Things, offer significant opportunities for businesses to optimize operations, reduce costs, and create new revenue streams.

  1. The Shift to Digital Business Models:

Digital transformation allows businesses to move away from traditional models and embrace new, digitally enabled models. This includes offering digital products and services, utilizing data analytics to personalize offerings, and adopting subscription-based business models.

  1. The Importance of Continuous Improvement:

Digital transformation is an ongoing journey, requiring continuous learning, adaptation, and a focus on optimizing processes and technologies. Businesses must be constantly evolving and improving their digital capabilities to stay ahead of the curve.

  1. The Potential for Enhanced Competitiveness:

Embracing digital transformation can lead to increased efficiency, productivity, and profitability. Businesses that effectively leverage digital technologies can gain a competitive advantage in the market and drive sustainable growth.

In addition to the points mentioned above, it's important to consider the following:

  • Cybersecurity: As businesses become increasingly reliant on digital technologies, cybersecurity becomes a critical concern. Strong cybersecurity measures are essential to protect sensitive data and prevent cyberattacks.
  • Data-Driven Culture: A data-driven culture is essential for successful digital transformation. Employees at all levels should be empowered to use data to make informed decisions. Data literacy and analytics skills should be prioritized in training and development programs.
  • Ethical Implications: As businesses collect and analyze vast amounts of data, ethical considerations become important. Companies must ensure that data is used responsibly and ethically, and that privacy rights are protected.
  • Skilled Workforce: Digital transformation requires a skilled workforce with the ability to adapt to new technologies and ways of working. Businesses need to invest in training and development programs to upskill their employees.
  • Collaboration and Partnerships: Successful digital transformation often involves collaboration with external partners, such as technology providers and consultants. Partnerships can help businesses access the expertise and resources they need to succeed.

By embracing digital transformation and considering these additional factors, businesses can navigate the challenges of the digital age and position themselves for long-term success.

Continue Reading

CISO Blog

The Troublemaker’s Take on Liminal Panda

Published

on


Liminal Panda? More like Liminal Pandaemonium! These cyber-ninjas are sneaking around the telecom world, stealing secrets and causing chaos. They're like digital pickpockets, slipping into networks and making off with sensitive data.

These Chinese hackers aren't just stealing your data; they're stealing your future. They're compromising critical infrastructure, disrupting services, and undermining national security. It's like a real-life cyber thriller, but without the cool gadgets and the witty one-liners.

So, what can you do to protect yourself from these digital ninjas? Well, you could start by following some basic security practices. Things like keeping your software up-to-date, using strong passwords, and being wary of phishing attacks. But let's be real, that's not enough. You need to be proactive and think like a hacker.

Here are a few tips to help you stay ahead of the curve:

  • Know your enemy: Understand the tactics, techniques, and procedures (TTPs) of advanced threat actors like Liminal Panda.
  • Embrace zero-trust security: Don't trust anyone, not even your own employees.
  • Invest in advanced security tools: Use tools like endpoint detection and response (EDR) and security information and event management (SIEM) to monitor your network for threats.
  • Stay informed: Keep up-to-date on the latest cyber threats and vulnerabilities.

Remember, cybersecurity is an ongoing battle. Don't let the Liminal Pandas win.

Download the report here

Continue Reading

CISO Blog

The Dirty Little Secrets of Cybersecurity

We’ve all heard the horror stories: massive data breaches, ransomware attacks, and identity theft. But what are the real reasons behind these cyber catastrophes? It’s not always about some shadowy hacker genius; often, it’s about simple mistakes and oversights.

Published

on

The Dirty Little Secrets of Cybersecurity

We've all heard the horror stories: massive data breaches, ransomware attacks, and identity theft. But what are the real reasons behind these cyber catastrophes? It's not always about some shadowy hacker genius; often, it's about simple mistakes and oversights.

The human element is a significant factor in many cyberattacks.. From clicking on malicious links to falling victim to social engineering tactics, people can inadvertently open the door to cybercriminals.

Here are the mistakes being made and funnily enough the Top 3 (According to me) has to do with People…

  1. Underestimating the Human Factor
  2. Ignoring Insider Threats
  3. Overlooking Physical Security
  4. Neglecting Patch Management
  5. Weak Password Policies
  6. Phishing Susceptibility
  7. Failing to Back Up Data
  8. Neglecting Mobile Device Security

    Continue Reading

    Trending

    Copyright © 2017 Keller Holdings