DATE: July 24, 2025 at 09:08AM
SOURCE: HEALTHCARE INFO SECURITY
Direct article link at end of text block below.
Why are U.S. federal authorities warning #criticalinfrastructure sector entities, including #healthcare providers, about the #Interlock #ransomware group now? https://t.co/K4d9WwXHTp
Here are any URLs found in the article text:
Articles can be found by scrolling down the page at https://www.healthcareinfosecurity.com/ under the title "Latest"
-------------------------------------------------
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.
-------------------------------------------------
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
DATE: July 23, 2025 at 05:08PM
SOURCE: HEALTHCARE INFO SECURITY
@FBI, @CISAgov, @HHSGov Warn #Healthcare, Other Sectors of #Interlock #Cyberattack Threats https://t.co/uBjPNfmPgY
One threat after another! FBI, CISA, and others warn of Interlock ransomware targeting critical infrastructure in the US and Europe. Group uses fake browser updates, social engineering, and double extortion.
https://hackread.com/fbi-cisa-interlock-ransomware-target-critical-infrastructure/
"The remote endpoints it attempted to contact included several TryCloudflare domains as well as direct IP addresses.
The logic would rotate through the various servers until an online host was found. The malware in this case took 15 minutes to establish a successful connection to an online endpoint at hxxp://bristol-weed-martin-know[.]trycloudflare[.]com/init1234."
The above is from a recent Private Threat Brief: "Interlock-Linked Threat Actor Gains Access via Fake Teams ClickFix Lure"
Interested in receiving reports like this one? Contact us for a demo or pricing - https://thedfirreport.com/contact/
NEW - Interlock ransomware linked to new NodeSnake RAT variants attack against UK universities and government agencies.
Read: https://hackread.com/interlock-ransomware-new-nodesnake-rat-in-uk-attacks/
@amvinfe @douglevin @funnymonkey
A few weeks ago, #InterLock leaked a lot of data allegedly from Madison School District, which is also in Phoenix, AZ.
I wonder if there was some common vendor between Madison and Fowler or some common denominator.
I didn't spot any statement or #databreach disclosure on Madison's site or Twitter account.
The Fowler Elementary School District, located in Phoenix, Arizona, has reportedly fallen victim to a cyberattack involving what may be a substantial volume of sensitive data. The incident was claimed by the Interlock ransomware group, which published its announcement on May 3, 2025, through a post on its blog hosted within the Tor network.
@PogoWasRight @douglevin @funnymonkey
#Interlock #FESD #Infosec #Data_Breach #Ransomware
Interlock claims to have stolen 20TB of #DaVita Healthcare data, leaking 1.5TB and offering the rest, including millions of patient details, for sale.
Read: https://hackread.com/interlock-ransomware-stole-davita-healthcare-data/
Updating an incident:
The InterLock ransomware gang has claimed responsibility for the DaVita attack. They claim to have exfiltrated 1,510 GB of data, 683,104 files, and 75,836 folders, and have leaked the file tree and some folder information.
Check out our new blog post by the TDR team, presenting the latest TTPs used by the #Interlock ransomware group!
It includes their use of the ClickFix tactic, PyInstaller, Node.js, Cloudflare Tunnels, and a new PowerShell loader/backdoor.
https://infosec.exchange/@sekoia_io/114346873677895469
By the way, Microsoft Threat Intelligence published an analysis yesterday on the same infection chain leveraging a new PowerShell loader/backdoor (without associating it with Interlock?)
As usual, we share multiple IoCs and YARA rules in our blog post and on our community GitHub: https://github.com/SEKOIA-IO/Community/tree/main/IOCs/Interlock
Since the appearance of the #Interlock ransomware, the Sekoia #TDR team observed its operators evolving, improving their toolset (#LummaStealer and #BerserkStealer), and leveraging new techniques such as #ClickFix to deploy the ransomware payload.
https://blog.sekoia.io/interlock-ransomware-evolving-under-the-radar/
Tech in Plain Sight: Microwave Ovens - Our homes are full of technological marvels, and, as a Hackaday reader, we are bet... - https://hackaday.com/2023/09/26/tech-in-plain-sight-microwave-ovens/ #acsynchronousmotor #hackadaycolumns #engineering #microswitch #interlock #microwave