Interlock ransomware threat expands across the US and Europe, hits healthcare and smart cities

Target sectors and global reach: The advisory did not disclose the names of targeted organizations, but noted that critical infrastructure and other organizations in North America and Europe have been targeted in the past.

“Healthcare has been a primary target, with incidents involving DaVita and Kettering Health. Education, technology, manufacturing, and government have also been hit,” said Amit Jaju, senior managing director at Ankura Consulting. “Going forward, critical infrastructure, particularly energy and transportation, as well as financial services, are vulnerable due to virtualization dependencies.”

Layered defenses are critical to mitigation: Interlock actors have so far been attacking and encrypting virtual machines, but hosts, workstations, and physical servers can be targeted in the future. To mitigate these risks, robust endpoint detection and response (EDR) capabilities should be deployed, alongside broader security hardening efforts.

Key steps include implementing DNS filtering, web access firewalls, and user training to detect social engineering attempts such as ClickFix. Organizations should also patch known vulnerabilities across operating systems, firmware, and applications, and segment networks to contain lateral movement after initial compromise.

Security teams are also advised to enforce strong identity, credential, and access management (ICAM) policies, including multi-factor authentication (MFA) across all services where feasible.

“To strengthen defenses against threats like Interlock, enterprises should go beyond standard advisories by adopting layered strategies. This includes implementing clipboard and UI controls to block or prompt paste actions into Explorer or Run, and enforcing Group Policy or endpoint restrictions on suspicious behaviors,” said Pareekh Jain, CEO at EIIRTrend & Pareekh Consulting. “Organizations should also restrict user execution rights by limiting access to system dialogs and script execution. Additionally, DNS and web filtering should be enhanced beyond basic blocking to include content analysis and detection of script-based copy/paste attacks delivered via compromised websites.”

Enterprises should also keep offline, immutable backups to avoid ransom dependence.

First seen on csoonline.com

Jump to article: www.csoonline.com/article/4027220/interlock-ransomware-threat-expands-across-the-us-and-europe-hits-healthcare-and-smart-cities.html
