Four major US agencies have issued a joint cybersecurity alert warning about the escalating threat posed by the Interlock ransomware operation, which has increasingly targeted businesses, healthcare providers, and critical infrastructure entities across North America and Europe. The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Department of Health and Human Services (HHS), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released the alert Tuesday as part of the #StopRansomware initiative. The agencies emphasized Interlock’s rapid evolution and its focus on high-impact sectors, particularly healthcare.
According to the advisory, Interlock emerged in September 2024 and has since launched financially motivated ransomware campaigns. The group employs a double-extortion model that involves both encrypting the victim’s system and stealing data, threatening to publish the stolen files if a ransom is not paid.
The gang does not include ransom demands in its initial notes. Instead, victims are given a unique code and directed to a .onion URL on the Tor network, where ransom negotiations take place.
Federal investigators say Interlock actors are opportunistic rather than targeting specific industries. Still, healthcare organizations have been frequent victims. Among the most high-profile victims are Kettering Health, a major Ohio-based healthcare system, and Fortune 500 kidney care company DaVita. TechRepublic