FBI and CISA Warn of Escalating Interlock Ransomware Attacks Targeting Critical Infrastructure

267/68 Thursday, July 24, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS), and the Multi-State Information Sharing and Analysis Center (MS-ISAC), issued a joint advisory on Tuesday warning of a surge in ransomware attacks attributed to the “Interlock” group. These attacks are increasingly targeting private-sector organizations and entities tied to critical infrastructure, employing a double extortion tactic: encrypting victims’ data while simultaneously threatening to leak it if the ransom is not paid.

Interlock is a relatively new ransomware group that began operations in September 2024, with a global focus and a particular interest in healthcare entities. The group has been linked to prior attacks using a fake IT tool dubbed “ClickFix” to infiltrate systems and has also deployed a remote access trojan (RAT) known as “NodeSnake” in attacks on universities in the United Kingdom. Most recently, Interlock claimed responsibility for breaching DaVita, a Fortune 500 kidney care company, stealing over 1.5 terabytes of data, as well as compromising Kettering Health, a major healthcare network in the U.S.

The advisory notes that Interlock often gains access through unconventional methods, such as drive-by downloads on legitimate but compromised websites. The group also uses a new technique called “FileFix,” which tricks users into executing malicious code through the Windows interface without triggering security warnings.

Experts urge organizations to adopt immediate mitigation measures, including implementing DNS filtering, deploying website access firewalls, training staff on social engineering tactics, enforcing strict user privilege controls, and enabling multi-factor authentication (MFA) to enhance system-wide security posture.

Source: https://www.bleepingcomputer.com/news/security/cisa-and-fbi-warn-of-escalating-interlock-ransomware-attacks/