Threats Tagged 'interlock'
View all threats tagged with 'interlock'. Filter and sort to focus on specific types of threats.
A Slopoly start to AI-enhanced ransomware attacks
IBM X-Force discovered a likely AI-generated malware named 'Slopoly' used in a ransomware attack by the Hive0163 group. This marks the beginning of AI adoption among cybercrime groups, potentially transforming the threat landscape. Slopoly, while relatively unsophisticated, demonstrates how easily threat actors can use AI to develop new malware quickly. The attack involved ClickFix social engineering, NodeSnake malware, and InterlockRAT, culminating in the deployment of Interlock ransomware. This incident highlights the growing trend of AI-generated and AI-integrated malware, which could lead to more ephemeral and difficult-to-attribute attacks, challenging traditional threat intelligence methods.
AlienVault OTX General | 03/17/2026, 10:59:31 UTC | Added: 03/17/2026, 11:27:29 UTC

Interlock Ransomware Targeting Businesses
The Interlock ransomware group has been actively targeting businesses and critical infrastructures in North America and Europe since September 2024. Their ransomware employs AES-256-GCM encryption with RSA-4096 key protection, leveraging the OpenSSL library for efficient file encryption. The malware includes code obfuscation techniques and specific arguments for various behaviors. It excludes certain folders, file extensions, and files from encryption to avoid system damage. The ransomware changes file extensions to '.!NT3RLOCK' and may terminate processes during encryption. Interlock's operations involve data theft and public disclosure threats for ransom leverage. The group utilizes a Tor-based negotiation site and references legal regulations to pressure victims. To counter this threat, offsite data backups and regular recovery drills are recommended.
AlienVault OTX General | 08/29/2025, 20:20:00 UTC | Added: 09/01/2025, 08:32:38 UTC

Showing 1 to 2 of 2 results