interlock
Ransomware group profile
Description
Interlock is a financially motivated ransomware group that emerged in September 2024, operating as a closed organization with a focus on big game hunting of larger targets. The group employs double extortion tactics, encrypting data while threatening to expose sensitive information, and has developed cross-platform ransomware payloads for Windows and FreeBSD environments, rapidly expanding its operations across North America and Europe.
Key insights
- Utilizes big game hunting tactics, targeting larger organizations.
- Employs double extortion, combining data encryption with threats to publish stolen data.
- Utilizes tactics like fake browser updates, social engineering, and custom toolsets.
- Targets both Windows and FreeBSD operating systems with cross-platform ransomware.
- Gains initial access through compromised websites and deceptive downloads.
- Rapidly adapts its toolset for efficient attacks, maintaining a distinct operational profile.
Intelligence
IOCs, YARA/Sigma rules, and related families for interlock
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for interlock
- T1486
- T1490
- T1071
- T1059
- T1562
- T1021
- T1078
- T1547
- T1080
- T1021.001
Victims (66)
| Company | Domain | Country | Industry | Status | Discovered |
|---|---|---|---|---|---|
| Cold Front Distribution | — | US United States | Retail & E-Commerce | Claimed | 1 day ago |
| First United Methodist Church Boerne | — | US United States | Retail & E-Commerce | Claimed | 23 days ago |
| Kent District Library | — | US United States | Government & Defense | Claimed | 23 days ago |
| Park Dental Research | — | US United States | Healthcare | Claimed | 23 days ago |
| Waterford Hotel Group | — | IE Ireland | Hospitality | Claimed | 23 days ago |
| Lonestar Truck Group & Tag Truck Center | tntxtruck.com | US United States | Transportation | Data Leaked | about 1 month ago |
| Winona County | — | US United States | Government & Defense | Claimed | about 1 month ago |
| Uniwersytet Warszawski | uw.edu.pl | PL Poland | Education | Claimed | about 2 months ago |
| Community College of Beaver County | — | US United States | Education | Claimed | 2 months ago |
| The Center for Hearing & Speech | — | US United States | Healthcare | Claimed | 2 months ago |
| Goodwill | — | US United States | Professional Services | Claimed | 2 months ago |
| Delta Manufacturing | deltamfg.com | US United States | Manufacturing | Claimed | 3 months ago |
| Elliott-Lewis | — | US United States | Other | Claimed | 3 months ago |
| Wagon Mound Public Schools | wm.k12.nm.us | US United States | Education | Claimed | 3 months ago |
| Abbott Media Productions | — | US United States | Professional Services | Claimed | 4 months ago |
| Yew Tree Dairy | — | GB United Kingdom | Other | Claimed | 4 months ago |
| Archaeological Institute of America | archaeological.org | US United States | Education | Claimed | 4 months ago |
| Odyssey Academy | odyssey-academy.com | US United States | Education | Claimed | 4 months ago |
| Urban Edge Architecture | urbanedgearchitecture.co.uk | GB United Kingdom | Other | Claimed | 4 months ago |
| Westlake Christian Academy | westlakechristianacademy.org | US United States | Education | Claimed | 5 months ago |
Affected countries (18)
Countries where this group has been reported to target or leak victims.