APT / THREAT GROUP · 💰 FINANCIAL
interlock
1 alias
Intelligence Profile
Interlock is a ransomware group first observed in September 2024 that targets critical infrastructure sectors including healthcare, government, education, and technology across North America and Europe using double-extortion, with 57+ claimed victims including a major US dialysis provider exposing over two million patient records.
Threat Analysis
interlock is a known-sophistication threat actor of undetermined national origin whose cyber operations are primarily financially motivated.
Financially motivated threat actors like interlock prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.
Intelligence Reports Mentioning interlock
New ‘Mistic’ RAT Opens Door to Several Ransomware Families
SecurityWeek · Jun 24, 2026
March 2026 CVE Landscape: 31 High-Impact Vulnerabilities Identified, Interlock Ransomware Group Exploits Cisco FMC Zero-Day
Recorded Future Blog · Apr 12, 2026
The Good, the Bad and the Ugly in Cybersecurity – Week 12
SentinelOne Blog · Mar 20, 2026
Interlock ransomware gang exploited Cisco firewall zero-day weeks before disclosure: Amazon
The Record · Mar 19, 2026
AWS Warns Hackers Have Abused Cisco Firewall Zero-Day Since January
Infosecurity Magazine · Mar 19, 2026
Cisco Firewall Vulnerability Exploited as Zero-Day in Interlock Ransomware Attacks
SecurityWeek · Mar 19, 2026
Ransomware gang exploits Cisco flaw in zero-day attacks since January
BleepingComputer · Mar 18, 2026
Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access
The Hacker News · Mar 18, 2026
Quick Facts
Type: APT / Threat Group
Motivation: 💰 financial
Aliases: 1
Also Known As
interlock
DLS Infrastructure
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.