Skip to main content
Customer Support Customer Support

Alert Joint Advisory Issued on Protecting Against Interlock Ransomware Release Date July 22, 2025

  • July 22, 2025
  • 1 reply
  • 21 views
TripleHelix
Moderator
Forum|alt.badge.img+63
Related topics:
Cybersecurity Best Practices, Critical Infrastructure Security and Resilience
 

CISA, in partnership with the Federal Bureau of Investigation (FBI), the Department of Health and Human Services, and the Multi-State Information Sharing and Analysis Center issued a joint Cybersecurity Advisory to help protect businesses and critical infrastructure organizations in North America and Europe against Interlock ransomware.  

This advisory highlights known Interlock ransomware indicators of compromise and tactics, techniques, and procedures identified through recent FBI investigations.  

Actions organizations can take today to mitigate Interlock ransomware threat activity include:  

  • Preventing initial access by implementing domain name system filtering and web access firewalls and training users to spot social engineering attempts.  
  • Mitigating known vulnerabilities by ensuring operating systems, software, and firmware are patched and up to date.  
  • Segmenting networks to restrict lateral movement from initial infected devices and other devices in the same organization.  
  • Implementing identity, credential, and access management policies across the organization and then requiring multifactor authentication for all services to the extent possible.  

The #StopRansomware Interlock joint Cybersecurity Advisory is part of an ongoing effort to publish guidance for network defenders that detail various ransomware variants and ransomware threat actors. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources. 

 

https://www.cisa.gov/news-events/alerts/2025/07/22/joint-advisory-issued-protecting-against-interlock-ransomware

Daniel - Microsoft MVP Consumer Security (2012-2016) Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Windows 11 Pro x64 for Workstations on my Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Samsung Galaxy A16 5G OS 16.
ProTruckDriver
Jasper_The_Rasper
TripleHelix

1 reply

TripleHelix
Moderator
Forum|alt.badge.img+63
  • TripleHelix
  • Author
  • Moderator
  • July 22, 2025

Way more info here:

Thanks ​@Jasper_The_Rasper 

Daniel - Microsoft MVP Consumer Security (2012-2016) Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Windows 11 Pro x64 for Workstations on my Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Samsung Galaxy A16 5G OS 16.
ProTruckDriver
Jasper_The_Rasper
TripleHelix
TripleHelix
Moderator
Forum|alt.badge.img+63
  • TripleHelix
  • Author
  • Moderator
  • July 22, 2025

And more info here as well:

 

Cybersecurity Advisory

#StopRansomware: Interlock

Release Date
July 22, 2025
 

Summary

Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Department of Health and Human Services (HHS), and Multi-State Information Sharing and Analysis Center (MS-ISAC)—hereafter referred to as “the authoring organizations”—are releasing this joint advisory to disseminate known Interlock ransomware IOCs and TTPs identified through FBI investigations (as recently as June 2025) and trusted third-party reporting.

The Interlock ransomware variant was first observed in late September 2024, targeting various business, critical infrastructure, and other organizations in North America and Europe. FBI maintains these actors target their victims based on opportunity, and their activity is financially motivated. FBI is aware of Interlock ransomware encryptors designed for both Windows and Linux operating systems; these encryptors have been observed encrypting virtual machines (VMs) across both operating systems. FBI observed actors obtaining initial access via drive-by download from compromised legitimate websites, which is an uncommon method among ransomware groups. Actors were also observed using the ClickFix social engineering technique for initial access, in which victims are tricked into executing a malicious payload under the guise of fixing an issue on the victim’s system. Actors then use various methods for discovery, credential access, and lateral movement to spread to other systems on the network.

Interlock actors employ a double extortion model in which actors encrypt systems after exfiltrating data, which increases pressure on victims to pay the ransom to both get their data decrypted and prevent it from being leaked. 

FBI, CISA, HHS, and MS-ISAC encourage organizations to implement the recommendations in the Mitigations section of this advisory to reduce the likelihood and impact of Interlock ransomware incidents.

 

https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-203a

Daniel - Microsoft MVP Consumer Security (2012-2016) Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Windows 11 Pro x64 for Workstations on my Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Samsung Galaxy A16 5G OS 16.
ProTruckDriver
Jasper_The_Rasper
TripleHelix
Terms & ConditionsAccessibility statement