Full Report
2025-04-16 • Sekoia • Sekoia TDR • elf.interlock, win.interlock
Analysis Summary
This analysis is based solely on the provided article description, which is very limited. Therefore, the resulting summary sections will contain placeholders or indicate a lack of specific data derived from the full article content.
# Tool/Technique: Interlock Ransomware
## Overview
Interlock is a ransomware strain that is reportedly evolving while operating under the radar, suggesting active development and evasion techniques.
## Technical Details
- Type: Malware family (Ransomware)
- Platform: The `elf.interlock` and `win.interlock` entries suggest Linux/Unix and Windows targets.
- Capabilities: Encryption of files to demand ransom.
- First Seen: Date not specified in the description.
## MITRE ATT&CK Mapping
*Note: Specific detailed mappings are not available from the description, but typical ransomware TTPs are implied.*
- Impact
  - Data Encrypted for Impact (T1486)
## Functionality
### Core Capabilities
- File encryption for extortion.
### Advanced Features
- Evolving features suggesting attempts to evade detection.
## Indicators of Compromise
- File Hashes: [Not specified in the description]
- File Names: [Not specified in the description]
- Registry Keys: [Not specified in the description]
- Network Indicators: [Not specified in the description]
- Behavioral Indicators: [Not specified in the description]
## Associated Threat Actors
- [Not specified in the description]
## Detection Methods
- [Not specified in the description beyond the general existence of the malware]
## Mitigation Strategies
- Standard ransomware mitigation strategies (e.g., backups, EDR).
## Related Tools/Techniques
- Other file-encrypting ransomware families.