Interlock Targets FreeBSD: New Encryptor Uncovered

A new group known as Interlock has emerged in the threat landscape, notable for developing an encryptor built specifically for FreeBSD servers. The campaign, which began at the end of September 2024, has already claimed attacks on six companies, and the group has threatened to publish the stolen data of any victim that does not comply with its ransom demands.

One of the victims of Interlock’s attacks was Wayne County, Michigan, which was hit in early October. The first traces of Interlock’s activity came to light through a security researcher known by the pseudonym SIMO, who discovered an unusual backdoor during an incident investigation in October.

Shortly after, MalwareHunterTeam uncovered a sample of the malware: an ELF binary that, rather than targeting Linux, was compiled for FreeBSD. Analysis showed the code was built against FreeBSD 10.4; however, attempts to execute the sample on a virtual machine were unsuccessful.

Before Interlock, groups such as HIVE were known for building encryptors for FreeBSD, but HIVE’s infrastructure was dismantled by the FBI in 2023. Trend Micro recently reported the discovery of another encryptor designed for FreeBSD, along with a variant targeting Windows systems. The researchers highlighted FreeBSD’s popularity in critical infrastructure, which makes it an attractive target for attackers seeking to disrupt organizations and extort payments.

Interestingly, Interlock has expanded its operations to Windows systems as well, where its code tampers with system logs and appends the “.Interlock” extension to encrypted files. Each affected folder contains a ransom note describing the data breach and providing a link to a Tor site for negotiation.

Employing the double extortion technique, Interlock pressures victims not only by stealing their data but also by threatening to leak it if the ransom is not paid. The ransom demanded can range from hundreds of thousands to millions of dollars, depending on the size and importance of the targeted organization.
