CISA, in partnership with the Federal Bureau of Investigation (FBI), the Department of Health and Human Services, and the Multi-State Information Sharing and Analysis Center issued a joint Cybersecurity Advisory to help protect businesses and critical infrastructure organizations in North America and Europe against Interlock ransomware.
This advisory highlights known Interlock ransomware indicators of compromise and tactics, techniques, and procedures identified through recent FBI investigations.
Actions organizations can take today to mitigate Interlock ransomware threat activity include:
- Preventing initial access by implementing domain name system filtering and web access firewalls and training users to spot social engineering attempts.
- Mitigating known vulnerabilities by ensuring operating systems, software, and firmware are patched and up to date.
- Segmenting networks to restrict lateral movement from initial infected devices and other devices in the same organization.
- Implementing identity, credential, and access management policies across the organization and then requiring multifactor authentication for all services to the extent possible.
The #StopRansomware Interlock joint Cybersecurity Advisory is part of an ongoing effort to publish guidance for network defenders that detail various ransomware variants and ransomware threat actors. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.
