The Hacker News reports on Interlock:
The Interlock ransomware group begins its attack with a strategic and highly deceptive method known as a Drive-by Compromise. This technique allows the group to gain initial access to targeted systems by exploiting unsuspecting users, often through carefully designed phishing websites.
Initial Attack of the Ransomware
The attack starts when the Interlock group either compromises an existing legitimate website or registers a new phishing domain. These sites are carefully crafted to appear trustworthy, mimicking credible platforms like news portals or software download pages. The sites often contain links to download fake updates or tools, which, when executed, infect the user’s device with malicious software.
Example: ANY.RUN’s interactive sandbox detected a domain flagged as part of Interlock’s activity, apple-online.shop. The latter was designed to trick users into downloading malware disguised as legitimate software.
Read more at The Hacker News.