Quick Summary
Executive Summary
Reynella East College, an educational institution in Australia, was listed as a victim by the Interlock ransomware group on June 23, 2026. The listing was observed via SOCRadar’s Dark Web Monitoring service. While the college’s specific industry was not explicitly stated in the listing, its name suggests it is an education provider. Interlock is a ransomware group known to target various sectors including Transportation/Logistics, Public Sector, and Consumer Services, with a primary focus on victims in the United States, but occasionally extending to Australia and Ireland.
Technical Analysis
SOCRadar’s analysis revealed a potential initial access vector through stealer-log telemetry associated with the reynellaec.sa.edu.au domain. The data indicated approximately twenty-one credentials exposed from college portals, including student, teacher, intranet, and library systems. These credentials predominantly used non-corporate usernames and included some official domain addresses. Repeated captures targeted the organization’s ADFS single sign-on endpoint, and instances of credential reuse or compromised sessions were observed. The timeframe of the harvested logs spans from late March to mid-June 2026.

Infostealer-harvested credentials are a common initial access method for ransomware groups like Interlock. The typical kill chain for such groups involves sourcing logs, validating corporate credentials, and using them to gain access to systems before deploying ransomware. While direct confirmation of these credentials being used by Interlock is not provided, the pattern of ADFS authentication and reused accounts is consistent with that modus operandi.

Security recommendations include resetting ADFS-authenticated and third-party staff accounts, enforcing MFA, and advising external users on credential rotation.
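A defender receiving this kind of stealer-log feed can turn it into a response list along the lines of the recommendations above. The following is an added example, not code from SOCRadar or the original page: the record layout, the placeholder domain `college.example`, the password fingerprints, and the two action labels are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from urllib.parse import urlsplit

ORG_DOMAIN = "college.example"  # placeholder domain (assumption, not the real one)

# Constructed sample records: (captured URL, username, password fingerprint, capture date).
# The fingerprint stands in for a salted hash so reuse can be spotted without storing passwords.
SAMPLE_LOGS = [
    ("https://sso.college.example/adfs/ls/?wa=wsignin1.0", "j.smith@college.example", "fp-a1", "2026-04-02"),
    ("https://intranet.college.example/login", "j.smith@college.example", "fp-a1", "2026-05-11"),
    ("https://library.college.example/signin", "parent77@mail.example", "fp-b2", "2026-03-29"),
    ("https://students.college.example/portal", "s123456", "fp-c3", "2026-06-14"),
    ("https://sso.college.example/adfs/ls/", "s123456", "fp-c3", "2026-06-15"),
    ("https://shop.unrelated.example/login", "j.smith@college.example", "fp-a1", "2026-04-20"),
]

def triage(records, org_domain=ORG_DOMAIN):
    """Group stealer-log hits by account and assign a response action."""
    accounts = defaultdict(lambda: {"hosts": set(), "fps": set(), "adfs": False, "last_seen": ""})
    for url, user, fingerprint, seen in records:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if host != org_domain and not host.endswith("." + org_domain):
            continue  # capture belongs to a site outside the organization
        acct = accounts[user.lower()]
        acct["hosts"].add(host)
        acct["fps"].add(fingerprint)
        acct["adfs"] |= parts.path.lower().startswith("/adfs/")  # ADFS sign-in path
        acct["last_seen"] = max(acct["last_seen"], seen)  # ISO dates sort lexically
    result = {}
    for user, a in accounts.items():
        official = user.endswith("@" + org_domain)
        # Same fingerprint captured on more than one portal means one password unlocks several systems.
        reused = len(a["hosts"]) > 1 and len(a["fps"]) == 1
        if a["adfs"] or official:
            action = "reset-and-revoke-sessions"  # ADFS-authenticated or official-domain account
        else:
            action = "advise-rotation"  # external user: notify and advise credential rotation
        result[user] = {"action": action, "reused": reused,
                        "portals": len(a["hosts"]), "last_seen": a["last_seen"]}
    return result

if __name__ == "__main__":
    for user, info in sorted(triage(SAMPLE_LOGS).items()):
        print(user, info)
```

Accounts flagged `reused` are worth handling first, since a single reset there closes access to several portals at once.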