HOMETHREATSinterlock
APT / THREAT GROUP💰 FINANCIAL

interlock

1
aliases

Intelligence Profile

Interlock is a ransomware group first observed in September 2024 that targets critical infrastructure sectors including healthcare, government, education, and technology across North America and Europe using double-extortion, with 57+ claimed victims including a major US dialysis provider exposing over two million patient records.

Threat Analysis

interlock is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of financial.

Financially motivated threat actors like interlock prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.

Intelligence Reports Mentioning interlock

External References

Quick Facts

TypeAPT / Threat Group
Motivation💰 financial
Aliases1

Also Known As

interlock

DLS Infrastructure

● ONLINEebhmkoohccl45qesdbvrjqtyro2hmhkmh6vkyfyjjzfllm3ix72aqaid.onion
● ONLINEebhmkoohccl45qesdbvrjqtyro2hmhkmh6vkyfyjjzfllm3ix72aqaid.onion
○ OFFLINEzmqolc6yrdgn24w7eaaf4pfm235x65zbeggr4byk7og3crhcwn7sqeyd.onion
○ OFFLINE4awnzgndu5u3bb6vne2vixizdftkc4mdlz45lnrhjgelzm5ujywxmuqd.onion
○ OFFLINEhp4fxytyky26q3kpgqlhewhrazaag5wg4jsaiwxlv3lkd7r7rmsamqyd.onion

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.
interlock — APT / Threat Group | Threat Intelligence | CTIWATCH.COM