Unlocking Interlock
According to Amazon, the tools and techniques connect the malware to Interlock, a ransomware actor that appeared in 2024, possibly as a ransomware-as-a-service (RaaS) offshoot of the notorious Rhysida group which was behind the hugely disruptive 2023 ransomware attack on The British Library.
“The ELF [Linux executable] binary and associated artifacts are attributable to the Interlock ransomware family based on convergent technical and operational indicators. The embedded ransom note and TOR negotiation portal are consistent with Interlock’s established branding and infrastructure,” said Amazon’s Moses.
In the past, Interlock had targeted sectors such as education, engineering, architecture, construction, manufacturing, and healthcare, as well as government and public sector entities, Moses said.
