- Interlock ransomware, first identified in September 2024, has claimed over 50 victims, with a significant rise in attacks noted in June 2025.
- The ransomware employs double extortion tactics, targeting both Windows and Linux systems, impacting businesses and critical infrastructure sectors.
- CISA and FBI have provided indicators of compromise (IOCs) and mitigation strategies in their advisory to assist network defenders against Interlock attacks.
- Immediate actions include implementing network segmentation, regular data backups, and user training to recognize phishing attempts, as well as monitoring for the provided IOCs.

The Interlock ransomware group has escalated its attacks since its emergence in September 2024, targeting over 50 organizations worldwide, particularly in critical infrastructure. Utilizing double extortion tactics, the ransomware affects both Windows and Linux systems, posing significant operational risks to businesses. Organizations are urged to implement immediate defensive measures, including network segmentation, regular backups, and user training to mitigate the risk of infection. CISA and the FBI have released IOCs and recommended monitoring for these indicators to enhance detection capabilities against this evolving threat.