interlock

Ransomware group profile

59Victims

78Impact score

Also Known As

ExoLock

Description

Interlock is a financially motivated ransomware group that emerged in September 2024, operating as a closed organization with a focus on big game hunting of larger targets. The group employs double extortion tactics, encrypting data while threatening to expose sensitive information, and has developed cross-platform ransomware payloads for Windows and FreeBSD environments, rapidly expanding its operations across North America and Europe.

Key insights

•Utilizes big game hunting tactics, targeting larger organizations.
•Employs double extortion, combining data encryption with threats to publish stolen data.
•Utilizes tactics like fake browser updates, social engineering, and custom toolsets.
•Targets both Windows and FreeBSD operating systems with cross-platform ransomware.
•Gains initial access through compromised websites and deceptive downloads.
•Rapidly adapts its toolset for efficient attacks, maintaining a distinct operational profile.

Industries

Education Government & Defense Healthcare Hospitality Manufacturing Other Professional Services Retail & E-Commerce Technology Transportation

Threat Level & Status Breakdown

For interlock · Based on incidents in selected period

4.3threat level

Aggressiveness7/ 10

Lethality0.5/ 10

Criticality5.5/ 10

First seenJul 2025

Last seenJun 2026

Avg ransom—

Payment rate—

Statusactive

Sophistication0

Last updatedJun 28, 2026

Recent activity

Monthly attack count for interlock in the selected period

59Total attacks

12peak in Aug

5.4avg / month

↓ 1 vs first month

Intelligence

IOCs, YARA/Sigma rules, and related families for interlock

e0958dcfe58b34363b4490790c4e492683f7ed9d
7bc15e8ec688c4ae8a4d942a05cd949d
6b8ec32dc76fa3138f00616156962f4f
9850cf79c40b42216a98aa937814cc438599fc9e
4a566d8661761363c25a36535f9e0b0f
9ddae47ff968343a8c32a5344060257fdc08e2a7bdb9a227c8b3a584ee3c9f1e
a26f0a2da63a838161a7d335aaa5e4b314a232acc15dcabdb6f6dbec63cda642
7ed805c5fc3bd0a4eab3d523483a9cc83b8768ff667875f2318f3bfa4ef68fe2
03c90fd77221e1b5b9d98e32ada70990
b0cfa2089802634ffb8c77962cdb18317a6332d4
6fd538e4a8e3493dda6f9fcdc96e814bdd14f3e2ef8aa46f0143bff34b882c1b
09793a85d372f044fe53c4b47c47049c6bc13d1141334727800b2e32e6d92342
4fa8d9a20ce9098eddc065cc427e3ccb035bf3306e236c17a67104d79ca040e0
a53a9ca8a074c7108f8412c3f8c1fc5d
cd13a2925a040a93a0b2287b7d7f976c40711e27
f150d19c57a910d714ef773a470bbb8ad88185f4b4713852fce706a1e7482b59
fcdbe8f6204919f94fd57309806f5609ae88ae1bbd000d6226f25d2200cf6d47
64a0ab00d90682b1807c5d7da1a4ae67cde4c5757fc7d995d8f126f0ec8ae983
4885adc9de7e91b74a3ac01187775459acf3e4e026ee2fa776b3419cf8dbaf00
c8347069980e0c7b8d42cbf0f2be7bc6e558f8b6cf7ca960f6454926120adf55
77962a384d251f0aa8e3008a88f206d6cb1f7401c759c4614e3bfe865e3e985c
b2b03dfcdc2e59d81e99d20c15919a13
55883d6c7c11a5ed6c6074af89ab2c7d61364e99
ccfa558c82a0a4276d8a056e5b0a557050e0b65f
59e3c4cb06331b4f2d78a9a0592f3747e573bd01c5a7650c26361d1e25520712
9f1950591d1f40fd24c335a2fe56cb03
6c8efbcef3af80a574cb2aa2224c145bb2e37c2f3d3f091571708288ceb22d5f
76b6d36e04e367a2334c445b51e1ecce97e4c614e88dfb4f72b104ca0f31235d
f588802958c35fe18eb87bc36651a3d1
2b59b03e9232b83b8914ed07c6426dd53d17cfb2eba01ab13d4c6cb00466a42e
89759f741606e3e9e3004978c08a3d8f5d8a887f
28c2d7a25ae0c25b1cef31b7407b40cf59c11c88
7a5af6b8cc4b94cf0af8ae8bd56224f3
fba4883bf4f73aa48a957d894051d78e0085ecc3170b1ff50e61ccec6aeee2cd
705127c9730dcdebfa0f30103952107098d164d1941c400ea1f3ff454951c225
0d5a5e671f63d21a5011975a12d83829fa81a030
3703374c9622f74edc9c8e3a47a5d53007f7721e
46d469848590dd06f843982b67d2d49b0e3fd004
0dbd602324940a614f09975edf6ac089cc12d931
5070ad8f45e6ee70e1b8a4fdbf78b2c823ca2c47a817fc29b5042b15880f92d9
7556ae58c215b8245a43f764f0676c7a8f0fdd1a
f0b3e112ce4807a28e2b5d66a840ed7f
9daa74a3b63c352c120c8b043a1e88f32cb8ad54
6364b01313acbedc9bfd0340eeb983a78f630fe0
cc14df781475ef0f3f2c441d03a622ea67cd86967526f8758ead6f45174db78e
556050a9f9cb6bff6e19ada58215e469
5d3569401837f0ffa3a69ff02131b3b2
18051333e658c4816ff3576a2e9d97fe2a1196ac0ea5ed9ba386c46defafdb88
333903c7d22a27098e45fc64b77a264aa220605cfbd3e329c200d7e4b42c881c
c524749d590c5057642f72b583e2336b6e80d0ff
3928c5874249cc71b2d88e5c0c00989ac394238747bb7638897fc210531b4aab
4e4a3751581252e210f6f45881d778d1f482146f92dc790504bfbcd2bdfa0129
176a34345bbd4eaf96e47bb60c866847de7cdaf315fe376427f4651c09f98e88
c24cb7692b77123387b821f3683966807662217a4c918c32bb97358729c33a1d
451886c420f85eba28c3a3cd477c7ab7
41b6815d187a9bd7284fb0919b814eaf310d55452030eb932b32b27b5c473e26
794a0b6f21d80a426ac33a706a962b66a6cc0492
7e94dddc83cbd929e073f060d02e374f
6fe749873d6ec0976d0d8262878a8772671e21b8
224a21c122569d682302ae26ec4fdbfada36aa65
d2fcf4a3c0012398caf4247cd08f16857e115223
42c0af54d2485393576def0611ff7949f5b9a7dd
e10609238eb90491d4a00be18fb27d76
aecc447b2b69af35e20c3ea91e21e853
690b6cf4205248a3fc5521762c69a24f46958e57621dc97b031e41ec1f381221
3e2272b916da4be3c120d17490423230ab62c174
6bc8e3505d9f51368ddf323acb6abc49
3a24cd31c8287f7ee7336936a95f82b5d71a3746d210b4240869f3e3f5b34208
1192381230fce07ef3f2a86ce746c71f22a7e0b97eea7560a38337844e8f3041
db972979d508e75fe730d3b72c2701470fbdaeaf8ebdd674744754fa44438ca5
60447f89c0eb870e071cb55cd57678cf
f591275a8f014b29e567529d67c54eb7bb4473db1c38737d6bfd5b3d52c9344e
2471ab67e2bb73a5f12877a10c1d1dc4
0b12eb25db68d8714ba52583597ed20e5fab2f6e82dcd0bcb23161acb4a9a126
c20d890a2b4e0ee91c0a8fb0bf543e78
8bf60bab86b0f501aecd48308b1d2c18
64d3de7ed78114b1dc13d3bb6e763149
0553d85e6e17dbf02742a4030fda644f
b204d00dd01da0408978e4101479efbdc977e84ad4a99cdbfd4a3364df964dd0
7007cf53bcd0083baba202d8ac2d9070
9e387f1564f9e38ba87dbafbde3731db2e844ff3800500d6707028bb065c070b
ec5076aa5ac6ba904d33b8979c60dce1
b46a3f9a7917a0b0e08979f85c90ff802a3e96d23a19a8727d9d701d5e2088eb
23094d64721a279c0ce637584b87d6f1
e40e82b77019edca06c7760b6133c6cc481d9a22585dd80bce393f0bfbe47a99
ab420e67f5b2ba45702674a7fe3e10e9d4283732
a987d2fa16a74fdf35edfd261fc0ab5abec477e2
e2b789bf39ba132ce56d3d97c28b5ff2
fb68797872dedd29a86db18ca41350155249718b3b0372e1985c980d4e09edf9
862763a754b4edfc0af31e14a3b1d691
df41085a8aa9ee9da6a03db08ad910b6ef5fcdc8fee7ebb19744331c5e70c782
edbf152ed9ac79e5d9e0111d1071af48
ce1b9909cef820e5281618a7a0099a27a70643dc
17986b6595fe960fe8e9757d3069d5daabd628ef
2a56f5593cec4ec7cc418cb30bfe2f58
47d086d0f4b284a574ea5fa61e263647
df5ddf117b0e19e797c7628ba1faabb95d8efd04
978c8d81697ebb29d809c21b398ac88fea6013bd
f3abb0cc802f3d7b95fc8762b94bdcb13bf39634c40c357301c4aa1d67a256fb
4baabdbe96a16716454a62abd7a7105d8b3a775c2428a0052d9738b0412a32c6
77421b290ebb620bee486f159e8679d6d3a641fd
73a9a1e38ff40908bcc15df2954246883dadfb991f3c74f6c514b4cffdabde66
62c81c192867130f49b5082045d679586f27143a
b49707615290ffc5baa2d02c3b5d22574a953b50
79cd6380b2cf7ca1b3e3ba386ebbd7df0104e33ac74cdb5e886fd8be207bd961
43948d6f8c51b96c1f854ea695ffe67f
1ef9214ad4e3f8f993ecdac3bc61aeeb
f00a7652ad70ddb6871eeef5ece097e2cf68f3d9a6b7acfbffd33f82558ab50e
29765840a9897f93ea3bf07ef59ffa8ae8cd5f14
a98dcdee82f6066a4cf2f9d7d161a1bacec8f81d
4db4b2463cc95483b7c6a2539caee516
12b86190ab3fb916b8901d82fbe996f43417ffa5736df5294a63a440758f158e
cb85338c2cc758da00cc37a1fde7a73383e1c4c7
1977753fadf4be46e340b4dcb7805e1f1649df51
7422f2cf8466948bb782769fffa020fd92be6472
eaca86a3f397d10d9188be9fcd2af1a7a30a9b573b2282b0b8300efeb5ff1efd
dc057522e04f37a6143cf6ce9b5d4a19aab8ef7a

View full IOC feed500 total

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for interlock

Other

T1486

T1490

T1071

T1059

T1562

T1021

T1078

T1547

T1080

T1021.001

Victims(59)

Company	Domain	Country	Industry	Status	Discovered
Clearview Eye Centre	clearvieweyecentre.com	CA Canada	Healthcare	Claimed	4 days ago
Reynella East College	reynellaec.sa.edu.au	AU Australia	Education	Data Leaked	6 days ago
Cold Front Distribution	—	US United States	Retail & E-Commerce	Claimed	27 days ago
First United Methodist Church Boerne	—	US United States	Retail & E-Commerce	Claimed	about 2 months ago
Kent District Library	—	US United States	Government & Defense	Claimed	about 2 months ago
Park Dental Research	—	US United States	Healthcare	Claimed	about 2 months ago
Waterford Hotel Group	—	IE Ireland	Hospitality	Claimed	about 2 months ago
Lonestar Truck Group & Tag Truck Center	tntxtruck.com	US United States	Transportation	Data Leaked	about 2 months ago
Winona County	—	US United States	Government & Defense	Claimed	2 months ago
Uniwersytet Warszawski	uw.edu.pl	PL Poland	Education	Claimed	2 months ago
Community College of Beaver County	—	US United States	Education	Claimed	3 months ago
The Center for Hearing & Speech	—	US United States	Healthcare	Claimed	3 months ago
Goodwill	—	US United States	Professional Services	Claimed	3 months ago
Delta Manufacturing	deltamfg.com	US United States	Manufacturing	Claimed	3 months ago
Elliott-Lewis	—	US United States	Other	Claimed	4 months ago
Wagon Mound Public Schools	wm.k12.nm.us	US United States	Education	Claimed	4 months ago
Abbott Media Productions	—	US United States	Professional Services	Claimed	4 months ago
Yew Tree Dairy	—	GB United Kingdom	Other	Claimed	4 months ago
Archaeological Institute of America	archaeological.org	US United States	Education	Claimed	5 months ago
Odyssey Academy	odyssey-academy.com	US United States	Education	Claimed	5 months ago

Page 1 of 3

Affected countries(18)

Countries where this group has been reported to target or leak victims.

🇦🇺Australia 🇨🇦Canada 🇨🇴Colombia 🇨🇷Costa Rica 🇩🇪Germany 🇬🇧United Kingdom 🇮🇳India 🇮🇹Italy 🇯🇵Japan Korea, Republic of 🇲🇽Mexico 🇵🇪Peru 🇵🇭Philippines 🇵🇱Poland Russian Federation 🇹🇷Turkey 🇺🇸United States 🇿🇦South Africa