Newly emergent ransomware group Interlock has set its sights on compromising FreeBSD servers around the world, reports BleepingComputer.
Interlock's attacks involved infiltrating targeted corporate networks and exfiltrating data before proceeding with lateral movement, file encryption, and double-extortion activities, according to a Trend Micro report. Further analysis of the operation's Windows encryptor revealed its capability to remove Windows event logs and the primary binary in the event that self-deletion is activated. Organizations impacted by Interlock have been assigned specific "Company IDs" and an email address that would be leveraged to access the site where negotiations between both parties would be held. Interlock has usually demanded six- to seven-digit ransoms and has already breached six organizations since its emergence in late September. "Interlock targets FreeBSD as it's widely utilized in servers and critical infrastructure. Attackers can disrupt vital services, demand hefty ransoms, and coerce victims into paying," said Trend Micro.