Interlock Ransomware: New techniques, same old tricks
www.fortinet.com/blog/thre…

The Interlock ransomware group continues to target organizations globally, with a primary focus on U.K.- and U.S.-based entities, particularly in the education sector. Unlike many current ransomware actors, Interlock does not operate under a ransomware-as-a-service (RaaS) model. Fortinet assesses it to be a smaller, tightly controlled group that develops and deploys its own tooling across much of the attack lifecycle. The group has demonstrated an ability to evolve techniques and infrastructure in response to defensive measures.

FortiGuard Incident Response recently investigated a new intrusion linked to Interlock, identifying early-stage indicators that align with activity previously reported by eSentire in July and elements of the Interlock ecosystem documented by Mandiant. The report highlights newly observed indicators of compromise and reinforces the need for proactive threat hunting, particularly for organizations in the education sector and those operating in the U.K. and U.S., as the group continues to refine its tradecraft.
Edward Kiledjian
@ekiledjian