
The actors have also employed a social engineering technique called ClickFix, which prompts victims to run a malicious payload on the pretext of resolving a system issue. Once inside, the actors use various methods for discovery, credential access and lateral movement to spread to other systems on the network.
Interlock actors employ a double extortion model, in which they encrypt systems after exfiltrating data, increasing pressure on victims to pay the ransom both to decrypt their data and to prevent it from being leaked, the advisory said. In addition, ransom notes do not include a ransom demand or payment instructions. Instead, victims are provided a unique code and directed to contact the ransomware group through a .onion URL via the Tor browser, according to the advisory.
“What makes Interlock uniquely dangerous is not the technical innovation of its encryption payload, but the orchestration of psychological and procedural blind spots throughout the enterprise. This group has made a proper acquaintance using confluent uses such as the Windows Explorer address bar to execute remote access trojans with the least user suspicion.” “They take advantage of the purity of patch cycles, user habits, and digital hygiene. Many vectors, such as social, technical and procedurally embedding, Interlock, not only in the infrastructure, obviously for the most teaching, not only in the infrastructure.”

