New Interlock Ransomware Exploits FreeBSD servers, Demanding Huge Ransoms | Black Hat Ethical Hacking



Interlock ransom note
Source: BleepingComputer

Research from Trend Micro confirms that Interlock has created both FreeBSD and Windows encryptors. The FreeBSD encryptor, identified as a 64-bit ELF file, has sparked interest due to its specificity; FreeBSD is typically employed in sectors where security is paramount, such as energy and telecommunications infrastructure.

Files encrypted by Interlock

The ransomware uses a .interlock extension for encrypted files and delivers ransom notes across affected folders. Each note directs victims to a Tor-based negotiation platform featuring a chat system, where demands range from hundreds of thousands to millions of dollars, tailored to the victim’s profile.
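For responders scoping an incident, the `.interlock` extension described above is enough to map which directories were hit and roughly when. The following triage sketch is an added example, not code from Trend Micro or BleepingComputer; the function names, the sample tree and the case-insensitive match are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

ENCRYPTED_SUFFIX = ".interlock"  # extension named in the article


def triage(root):
    """Summarise files under root that carry the encrypted-file extension."""
    per_dir, mtimes, scanned = Counter(), [], 0
    for dirpath, _dirs, files in os.walk(root):  # does not follow symlinked dirs
        for name in files:
            scanned += 1
            # Case-insensitive match is a defensive choice, not from the article.
            if not name.lower().endswith(ENCRYPTED_SUFFIX):
                continue
            try:
                st = os.lstat(os.path.join(dirpath, name))
            except OSError:
                continue  # file vanished or unreadable; skip it
            per_dir[os.path.relpath(dirpath, root)] += 1
            mtimes.append(st.st_mtime)
    # Last-write times bracket the encryption run only if nothing rewrote them later.
    window = (min(mtimes), max(mtimes)) if mtimes else None
    return {"scanned": scanned, "encrypted": sum(per_dir.values()),
            "per_dir": dict(per_dir), "window": window}


def build_sample(root):
    """Create a constructed directory tree with fixed mtimes for the demo."""
    sample = {"db/a.sql.interlock": 1000, "db/b.sql.interlock": 1600,
              "db/notes.txt": 900, "www/index.html.INTERLOCK": 1300,
              "www/style.css": 800}
    for rel, mtime in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample\n")
        os.utime(path, (mtime, mtime))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        report = triage(tmp)
        print(f"{report['encrypted']} of {report['scanned']} files end in {ENCRYPTED_SUFFIX}")
        for d, n in sorted(report["per_dir"].items(), key=lambda kv: -kv[1]):
            print(f"  {n:4d}  {d}")
        start, end = (datetime.fromtimestamp(t, timezone.utc) for t in report["window"])
        print(f"last-write window: {start.isoformat()} to {end.isoformat()}")
```

Run it against a read-only mount or forensic image rather than the live filesystem, so the scan itself does not disturb timestamps.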

Trend Micro attributes this unusual FreeBSD focus to the system's extensive use in mission-critical infrastructure, which makes it a prime target for cybercriminals seeking significant ransom payouts. The ransom note pressures victims to pay quickly, threatening to leak data on the group's site if demands are not met. The Windows version of Interlock also covers its tracks, erasing Windows event logs and using DLL-based deletion tactics to obscure forensic traces.

Interlock data leak site
Source: BleepingComputer

