Friday, 14 March 2025

Interlock ransomware targets critical infrastructure with FreeBSD-specific attacks

Interlock ransomware targets FreeBSD servers, highlighting the need for enhanced security measures in critical infrastructure.

A new ransomware group, Interlock, has recently targeted organisations with a focus on FreeBSD servers. The operation began in late September 2024 and uses an encryptor built specifically for FreeBSD systems, which sets it apart from other ransomware operations.

The Interlock ransomware and its FreeBSD focus

Interlock has already claimed attacks on several organisations, including Wayne County, Michigan, which fell victim to a cyberattack in October 2024. The ransomware’s distinctive feature is its use of an encryptor designed specifically for FreeBSD, an operating system widely used in critical infrastructure.

Cybersecurity experts Simo and MalwareHunterTeam, who analysed samples of the ransomware, uncovered the initial details of the attack. Interlock’s attack method follows a typical ransomware pattern: the attackers breach corporate networks, steal sensitive data, and spread to other devices, encrypting files along the way. They use double-extortion tactics, threatening to leak stolen data unless the victim pays a ransom, which can range from hundreds of thousands to millions of dollars.

Why FreeBSD is a prime target

What sets Interlock apart is its focus on FreeBSD, a choice that highlights the importance of this operating system in critical systems. Unlike other ransomware groups that often target Linux-based VMware ESXi servers, Interlock aims directly at FreeBSD servers, which are common in web hosting, mail servers, and storage systems. These systems are integral to critical functions, making them lucrative targets for attackers.

FreeBSD’s popularity in essential services makes it an attractive target, and the platform-specific encryptor also poses a challenge for cybersecurity professionals. The encryptor is a 64-bit ELF executable compiled explicitly for FreeBSD 10.4. However, getting the sample to execute in controlled environments on both Linux and FreeBSD virtual machines proved difficult during initial testing. Despite these hurdles, Trend Micro researchers discovered further samples of the encryptor, confirming its functionality and strategic focus.
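As an added triage example (not code from the article or the researchers it cites), the sketch below shows how a defender can confirm statically that a file is a 64-bit ELF built for FreeBSD and read the release it targets from the FreeBSD ABI note, without running it. It assumes a little-endian ELF64 file; `build_sample` produces a constructed, header-only image, and 1004000 is a constructed sample value for a 10.4 build.

```python
import struct

ELFOSABI_FREEBSD = 9      # e_ident[EI_OSABI] value stamped on FreeBSD binaries
PT_NOTE = 4               # program header type holding ELF notes
NT_FREEBSD_ABI_TAG = 1    # FreeBSD note whose 4-byte desc is __FreeBSD_version

def triage_elf(data: bytes) -> dict:
    """Report class, OS/ABI and FreeBSD ABI tag of a little-endian ELF64 image."""
    if len(data) < 64 or data[:4] != b"\x7fELF":
        raise ValueError("not a complete ELF header")
    info = {"is_64bit": data[4] == 2,
            "freebsd_osabi": data[7] == ELFOSABI_FREEBSD,
            "freebsd_version": None}
    if not info["is_64bit"] or data[5] != 1:
        return info                      # only ELF64 little-endian is parsed further
    (e_phoff,) = struct.unpack_from("<Q", data, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 56 > len(data):
            break                        # truncated program header table
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from("<IIQQQQ", data, off)
        if p_type != PT_NOTE:
            continue
        pos, end = p_offset, min(p_offset + p_filesz, len(data))
        while pos + 12 <= end:           # walk notes: namesz, descsz, type, name, desc
            namesz, descsz, ntype = struct.unpack_from("<III", data, pos)
            desc_off = pos + 12 + ((namesz + 3) & ~3)
            if desc_off + descsz > end:
                break                    # malformed note, stop rather than over-read
            name = data[pos + 12:pos + 12 + namesz]
            if name == b"FreeBSD\0" and ntype == NT_FREEBSD_ABI_TAG and descsz == 4:
                (info["freebsd_version"],) = struct.unpack_from("<I", data, desc_off)
            pos = desc_off + ((descsz + 3) & ~3)
    return info

def release_of(version: int) -> str:
    """Decode __FreeBSD_version (e.g. 1004000) into 'major.minor'."""
    return f"{version // 100000}.{(version // 1000) % 100}"

def build_sample(version: int = 1004000) -> bytes:
    """Constructed header-only image (no code), laid out like a FreeBSD ELF64."""
    note = struct.pack("<III", 8, 4, NT_FREEBSD_ABI_TAG) + b"FreeBSD\0" + struct.pack("<I", version)
    ident = b"\x7fELF" + bytes([2, 1, 1, ELFOSABI_FREEBSD]) + bytes(8)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_NOTE, 4, 120, 0, 0, len(note), len(note), 4)
    return ehdr + phdr + note
```

Running `triage_elf` over files found on non-FreeBSD hosts or shared storage flags FreeBSD-targeted binaries that sit where they have no reason to be.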

Advice for organisations to improve security

Interlock’s attack highlights the need for stronger security measures across critical infrastructure. Ilia Sotnikov, a Security Strategist at Netwrix, advises organisations to implement multi-layered security strategies. These should include network and web application firewalls, intrusion detection systems, and phishing defences to prevent initial breaches.

Sotnikov explains, “The FreeBSD operating system is known for its reliability and is commonly used for critical functions. Examples include web hosting, mail servers, and storage systems, all potentially lucrative targets for the attackers. Depending on the configuration, the server may or may not be directly connected to the Internet.”

Sotnikov recommends investing in defence-in-depth strategies to disrupt attacks early and complicate the attacker’s actions. He also stresses the importance of monitoring tools to detect harmful activity quickly. A key recommendation is to implement the zero-trust principle, which ensures that users only have the minimum necessary permissions to perform their tasks, minimising the risk of internal breaches.

The Interlock ransomware group’s attacks are a stark reminder of the vulnerabilities within critical infrastructure. Its use of a FreeBSD-specific encryptor marks a troubling development in ransomware tactics, underscoring the need for robust security measures to protect against this growing threat. Organisations should prioritise improved security strategies to mitigate the risk and impact of such cyberattacks.
