Warning Issued on Interlock Ransomware Attacks by FBI & CISA | Sync Up
The FBI and CISA have issued a joint warning about a fast-moving cybercriminal group with the alias Interlock. We’ll examine the wave of ransomware attacks this group is responsible for and how you can stay protected as we sit down and sync up with Rocket IT’s weekly technology update.
In this episode, you’ll hear more about:
- A new wave of cyberattacks gaining government attention
- How attackers are getting in without a single click
- Why backups might not be enough anymore
- The systems cybercriminals are quietly targeting
- What your business can do to stay one step ahead
Video Transcript
First detected in September 2024, this new wave of ransomware attacks has spread quickly, prompting the FBI and CISA to issue joint warnings to help organizations prepare and respond.
Like many disruptive threat actors, Interlock’s weapon of choice is ransomware, malicious software that locks you out of your systems and holds your data hostage until you pay a ransom. But what makes this group’s approach more severe is a tactic called double extortion. Before locking your data, attackers steal sensitive information. That way, even if your team has backups and doesn’t need to pay to restore files, the criminals threaten to leak your confidential data online if you don’t meet their demands.
These attacks aren’t limited to one industry. Businesses across multiple sectors have been impacted, with healthcare organizations among the hardest hit. Recently, it was reported that Interlock was responsible for major breaches at DaVita, a Fortune 500 kidney care provider, and Kettering Health, a healthcare system with thousands of employees.
So how are these attackers getting into high-value targets like these? The answer varies, because they’re using several different techniques. One method involves compromising websites that offer software downloads, updates, or tools commonly used by organizations. These sites may appear trustworthy and operate normally, but attackers quietly insert malicious code behind the scenes that can infect employee devices when someone simply visits the site.
In other cases, Interlock attackers use social engineering tactics to gain access. For example, their attacks have been successful in tricking people into completing fake CAPTCHA checks. One method in particular tells victims to copy and paste some text into their PC’s Run window, which inevitably gives hackers access to the network.
And finally, they’re targeting virtual machines, or digital systems that businesses use to manage multiple processes in cloud environments. And, because these systems typically host critical applications and data, they’re a high-value target that can shut down entire functions of a business.
To protect against these threats, the FBI and CISA recommend taking a layered approach to security. It starts with blocking threats before they ever reach your team. DNS filtering and web firewalls can help stop malicious websites in their tracks. From there, it’s important to focus on your people. Training employees to spot fake updates, sketchy prompts, and suspicious activity can go a long way in preventing an attack. Access controls come next. Turning on multi-factor authentication means that even if a password gets stolen, it won’t be enough to break in. You’ll also want to make sure your systems are up to date. Regular patching helps close the door to known vulnerabilities before attackers can exploit them. But if something does slip through, your internal setup matters. Segmenting your network can prevent a single breach from spreading throughout the organization. And lastly, always prepare for the worst. Secure, offline backups give you a reliable way to recover if files are encrypted.
Together, these steps build a stronger, more resilient defense. But, because cyber threats like these are growing more sophisticated every day, it’s important to adapt quickly. If you’re unsure about your current defenses, reach out to Rocket IT using the link in this video’s description to ensure you remain protected. And to stay up to date on trending technology news, hit that subscribe button and the bell to catch us on next week’s episode of Sync Up with Rocket IT.
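The fake CAPTCHA technique mentioned in the transcript leaves a trace defenders can check: Windows records commands executed from the Run window in the per-user `RunMRU` registry key. The PowerShell below is an added example, not code from Rocket IT or from the FBI/CISA advisory; the function names, the matching patterns, the length threshold and the sample entries are assumptions chosen for illustration.

```powershell
# Added example: review Run-dialog history for entries that look like pasted commands.
# Patterns and the 100-character threshold are illustrative assumptions, not advisory indicators.
$SuspiciousPatterns = @(
    # A script host or system utility launched with arguments (typing "cmd" alone is normal).
    '(?i)\b(powershell|pwsh|cmd|mshta|wscript|cscript|rundll32|regsvr32|certutil|curl|msiexec)(\.exe)?"?\s+\S',
    # A URL embedded in something typed into the Run window.
    '(?i)https?://'
)

function Test-RunEntry {
    param([Parameter(Mandatory)][string]$Command)
    # RunMRU values end in "\1"; strip it before matching.
    $clean = $Command -replace '\\1$', ''
    $hits = @($SuspiciousPatterns | Where-Object { $clean -match $_ })
    [pscustomobject]@{
        Command     = $clean
        PatternHits = $hits.Count
        Length      = $clean.Length
        Suspicious  = ($hits.Count -gt 0) -or ($clean.Length -gt 100)
    }
}

function Get-RunDialogHistory {
    # Per-user key where Explorer stores commands run from Win+R.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU'
    if (-not (Test-Path $key)) { return }
    # Entries are single-letter values (a, b, c, ...); MRUList only holds their order.
    (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -match '^[a-z]$' } |
        ForEach-Object { [string]$_.Value }
}

# Constructed samples (not real indicators): the first is benign, the second is flagged.
$samples = @(
    'notepad\1',
    'powershell -Command "Write-Output constructed-sample"\1'
)

# Score the samples plus whatever the current user's Run history contains.
$samples + @(Get-RunDialogHistory) | Where-Object { $_ } |
    ForEach-Object { Test-RunEntry -Command $_ } |
    Where-Object Suspicious |
    Format-List
```

The key is per user, so the check has to run in each user's context or against each loaded user hive, and an empty result only means no matching entry is still present in that history.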