1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Interlock ransomware attacks highlight need for greater security

    From TechnologyDaily@1337:1/100 to All on Wednesday, December 25, 2024 14:30:05
    Interlock ransomware attacks highlight need for greater security standards on critical infrastructure

    Date:
    Wed, 25 Dec 2024 14:03:00 +0000

    Description:
    Here is how organizations can strengthen defenses against Interlock
    ransomware targeting FreeBSD servers.

    FULL STORY ======================================================================Standing
    privilege can be minimized using the zero trust principle Critical servers can be protected by enabling just-in-time access FreeBSD jails can help to isolate workloads and enhance defense

    A recently discovered ransomware group has been observed targeting organizations with a focus on FreeBSD servers.

    Launched in late September 2024, the operation employs a unique approach, using an encryptor specifically designed for FreeBSD.

    Interlock has already claimed attacks on six organizations, including Wayne County, Michigan, which experienced a cyberattack in October 2024. Interlocks FreeBSD encryptor sets it apart

    Initial information about Interlock came from cybersecurity professionals
    Simo and MalwareHunterTeam , who analyzed samples of the ransomware.

    Interlocks attack method involves breaching corporate networks, stealing
    data, spreading laterally to other devices, and encrypting files. The attackers use double-extortion tactics and threats of leaking stolen data unless ransom demands, ranging from hundreds of thousands to millions of dollars, are paid.

    Unlike other ransomware groups that typically target Linux-based VMware ESXi servers, Interlocks focus on FreeBSD encryptors makes it particularly unique. FreeBSDs extensive use in critical infrastructure and servers makes it a
    prime target for disrupting vital services and pressuring victims to pay substantial ransoms.

    The FreeBSD encryptor was compiled specifically for FreeBSD 10.4 and is a 64-bit ELF executable. However, testing the sample on both Linux and FreeBSD virtual machines proved challenging, as it failed to execute properly in controlled environments.

    Despite this, Trend Micro researchers discovered additional samples of the FreeBSD encryptor, confirming its functionality. They noted the strategic choice of FreeBSD, highlighting its prevalence in critical systems, where attacks can cause widespread disruption.

    While the FreeBSD version has presented challenges during analysis,
    Interlocks Windows encryptor functions effectively. It clears event logs and, if configured, uses rundll32.exe to delete its binary after execution. The ransomware appends a ".interlock" extension to encrypted files and creates ransom notes named "!README!.txt" in affected folders.

    These notes provide basic information about the encryption, threats, and
    links to Tor-based negotiation and data leak sites. Each victim receives a unique "Company ID" for communication with the attackers via a chat system.

    Ilia Sotnikov, Security Strategist at Netwrix, advises organizations to
    deploy multi-layered security measures, including network and web application firewalls , intrusion detection systems, and phishing defenses to prevent initial breaches.

    The ransomware group Interlock has recently been attacking organizations worldwide, taking the unusual approach of creating an encryptor to target FreeBSD servers. The FreeBSD operating system is known for its reliability
    and is therefore commonly used for critical functions. Examples include web hosting , mail servers, and storage systems, all potentially lucrative
    targets for the attackers. Depending on the function and the configuration, the server may or may not be directly connected to the Internet, said Sotnikov.

    Security teams should invest in defence-in-depth, to disrupt a potential attack at an early stage, complicate each further step for the attacker, and detect the potentially harmful activity as quickly as possible with the help of monitoring toolsSince the adversary is most likely to access the FreeBSD server from inside the network, it may be a good idea to minimize standing privilege by implementing the zero trust principle, which allows a user only the necessary permissions to perform their tasks, Sotnikov added.

    Via BleepingComputer You may also like Take a look at our guide to the best VPN with antivirus These are the best zero trust network access solutions US set to allow tech giants to control access to AI chips



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/interlock-ransomware-attacks-highlight- need-for-greater-security-standards-on-critical-infrastructure


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)