Red Hot Cyber

RHC DarkLab Interviews Interlock Ransomware. “Don’t waste your energy and time. We will do it for you.”

RHC Dark Lab : 2 December 2024 07:38

RHC DarkLab has always taken a unique and provocative approach in the fight against cyber threats, summed up by the motto: ‘One must know the Demons to learn how to counter them.’ This philosophy guides our ongoing commitment to understanding Threat Actors through face-to-face interviews to expose their techniques, tactics and procedures (TTPs) and improve the defences of those facing these insidious adversaries.

Cyber gangs, such as Interlock, often present themselves with a mix of highly sophisticated motivations and skills, as demonstrated by recent attacks targeting seemingly secure systems such as FreeBSD. In many cases, they claim to act to fill gaps left by the targeted organisations, as if it were a kind of cyber justice, but behind these claims lie purely financial or ideological motives. These attacks not only threaten the stability of digital infrastructures, but also underline the growing need for a deeper understanding of the strategies adopted by cybercriminals.

Interlock Ransomware Data Leak Site (DLS) Home Page

Our interviews with Threat Actors, such as Vanir Group or Ransomcortex, show the diversity of approaches and motivations that fuel ransomware operations. From simple greed to complex networks of collaborations, each group operates with specific rules and objectives, often dictated by economic opportunity or geopolitical considerations. This dialogue, although controversial, allows critical details about the inner workings of criminal organisations to be revealed, giving security experts an advantage in their fight against these threats.

    In the case of Interlock, statements such as ‘If you don’t take security seriously, we will do it for you’ emphasise a provocative attitude and an intent to highlight the vulnerability of companies. It is crucial to analyse these statements not only to understand their tactics, but also to anticipate and prevent future attack campaigns. Through these interviews, RHC DarkLab offers a window into a dark and complex world, combining investigative rigour and deep technical knowledge. This allows us to build a solid and useful narrative that informs not only security professionals, but also the wider public, raising collective awareness.

    Below, we present the exclusive interview with the cyber gang Interlock, a further step in our efforts to unveil the secrets of the ‘Digital Demons’ and counter their devastating impact.

    “About Us” section within Interlock’s Data Leak Site (DLS)

    1 – RHC : Thank you guys for accepting this interview. You are a group that recently appeared in the underground, can you tell us about how and when the group Interlock was born and why the choice of this name? Also, congratulations on the site, it’s really nice!
    Interlock: Interlocker was created in 2024. The name comes from “International Locker.”

    2 – RHC : In your manifesto you state that you want to “impose accountability” on negligent companies. What prompted you to choose this approach and what values guide you as a collective?
    Interlock: Every virus is a step towards evolution. Our activities push the cybersecurity industry to evolve and improve technologies.

    3 – RHC : You claim to be a “wake-up call” for corporate negligence. To what extent do you think companies are really aware of the risk of ransomware attacks, and why do you think many continue to ignore it?
    Interlock: Companies that ignore potential attacks severely underestimate the risks in their pursuit of maximum profit. They collect NPI (Non-Public Information), analyze it effectively, and bombard users with targeted ads to increase revenue. Yet they forget their responsibility for the data they collect. We are here to remind them of that responsibility.

    4 – RHC : Many cybergangs claim to act for the sake of justice, but public perception is often different. How would you like your actions to be interpreted? And how do you respond to those who simply consider you to be criminals?
    Interlock: Public opinion is often based on misconceptions. Many companies exploit the public’s lack of understanding and intentionally mislead them. They claim to collect anonymized information, but in reality, they use large datasets to create detailed profiles, forming advertising bubbles to manipulate you into thinking you want their products. This technology is too complex for the average citizen to grasp.

    5 – RHC : You have recently entered the cybercrime circle. What are your goals and propensity? Establish yourself as a valuable RaaS or operate on your own? Do you currently have an affiliate program? How is the business going?
    Interlock: Our goal is to make the world a little safer than it was before.

    6 – RHC : Net of the companies on your data leak site (DLS), which currently number 6, how many companies in total have you hacked and how much is the average ransomware you have been able to extort? 
    Interlock: You can track all companies on our site. Companies not listed there received a valuable lesson, corrected their mistakes, and deserve respect for their actions.

    7 – RHC : Now let’s talk about your solution. How does your ransomware differ from other ransomware such as the popular LockBit 3.0 or Akira? If you had to explain to a potential affiliate why to start a partnership with you, what would you say from a technical point of view regarding your solution?
    Interlock: We don’t explain our program’s advantages to potential partners. First, we verify that our partners are competent black hats with enough experience to evaluate our software. We do not accept beginners.

    8 – RHC : You are among the few groups to have developed ransomware for FreeBSD, a robust platform used in complex environments such as data centers (WhatsApp, Playstation, pfSense) and critical infrastructure. How did you come to choose FreeBSD as your target and what technical challenges did you face in developing ransomware for this system?
    Interlock: There were no difficulties with FreeBSD. We had a goal, and we achieved it.

    9 – RHC : What vulnerabilities or configuration errors do you find most frequently in your targets? Are there any common trends you have observed in compromised enterprise infrastructures?
    Interlock: The main trend is the human factor. We see frustration consuming network administrators at work: they do everything except their job. Pornography, endless online shopping, entertainment services, and social media dominate their time.

    11 – RHC : How do you assess the effectiveness of current cybersecurity defenses adopted by companies? Are there solutions or practices that, in your opinion, would make systems more secure against attacks such as yours?
    Interlock: Security measures are improving, which is exciting; it’s a new challenge for us. While methods exist to complicate attacks, fully secure networks are a utopia. Risks can be reduced, but not eliminated entirely.

    12 – RHC : If you were to give advice to a company that does not yet have a cybersecurity programme in place, what would be the first thing to do?
    Interlock: Think carefully, then make a choice, not the other way around.

    13 – RHC : In the second quarter of 2024, ransomware attacks grew significantly, you also report this on your site. What do you think about this trend? Do you think we may reach a saturation or ‘balancing’ point, where companies will adopt defences that will make attacks like yours less effective?
    Interlock: Apsis will always arrive, and then a new game with new rules and new players will begin.

    14 – RHC : Your manifesto amazed us with the way it communicated. It talks about “lessons that companies will not forget.” Have you ever observed companies or individuals actually learning lessons from your attacks? How would you feel if companies drastically improved their defenses?
    Interlock: Almost all companies strengthen their defenses after encountering us. However, some fail to learn the lesson and continue using outdated methods. That doesn’t last long.

    15 – RHC : Many ransomware attacks have also affected public institutions, hospitals and critical sectors, causing harm to innocent individuals. How do you choose your victims and what about collateral damage that may affect people outside the company? Do you have internal policies prohibiting specific targets?
    Interlock: Paradoxically, critical systems like public institutions and hospitals often have minimal protection. This lack of security investment highlights the need for prioritizing their defense.

    16 – RHC : Artificial intelligence is increasingly integrated into cybersecurity. What are your thoughts on attempts to use AI to anticipate, prevent, and mitigate attacks like yours? Are there particular countermeasures you plan to take in response to this technology?
    Interlock: Artificial intelligence changes the playing field. We enjoy this game and evolve to counter it.

    17 – RHC : Do you agree with the statement “if you use a computer but don’t make an effort to protect it (and thus know the tool), you don’t deserve to use it”?
    Interlock: Forget restrictions; everyone should use computers. Mistakes happen to everyone.

    18 – RHC : From your DLS there is a sensitivity in the area of cybersecurity. Although your actions can only be judged as crime statistics, what really motivated you to enter this area excluding money?
    Interlock: Money + information: what could be better?

    19 – RHC : Have you ever offered to explain to a victim the flaws you exploited and how to fix them to avoid future attacks?
    Interlock: No, we haven’t.

    20 – RHC : What do you think is the real motivation as to why the state of the art in the cybersecurity world is poor despite investments (both financial and otherwise) in the field? Do you think it has much appearance and little substance?
    Interlock: Cybersecurity remains poor because efforts focus on reactive measures, flashy tools, and compliance instead of addressing fundamental issues like talent, implementation, and security basics.

    22 – RHC : What’s the dumbest misconfiguration/vulnerability you have found on victim networks?
    Interlock: A global company’s domain administrator used a single space as a password.

    23 – RHC : What would you say to someone who told you that you should help make networks secure instead of abusing them for economic reasons alone?
    Interlock: “We’re already helping make them safer. Give it time, and you’ll see for yourself.”

    24 – RHC : What is the first suggestion you would give to someone who wants to start a new RaaS? Based on your experience, what were the most difficult and what were the easiest aspects?
    Interlock: Assess the risks, and if you’re ready to accept them, we wish you luck. The impossible is possible.

    25 – RHC : Lately, intelligence and government agencies have been actively campaigning to destroy criminals’ digital assets and disruptive operations, what is your consideration of this? Are you concerned about it?
    Interlock: Yes, we’re concerned when cops are behind us, but we never turn our backs on them.

    26 – RHC : Finally, if you could send a message to companies that you consider “negligent” and underestimate the value of data, what would be your advice to them? What should they change today to avoid being future targets?
    Interlock: Don’t waste your energy and time. We’ll do it for you. 😉

    27 – RHC : Thank you guys very much for the interview. We do these interviews to make our readers understand that cybersecurity is a purely technical subject and that in order to be able to win the fight against cybercrime we need to be stronger than you, who are known to be often one step ahead of everyone. Is there anything you would like to say to our readers, or to potential victims of your operations?
    Interlock: Cybersecurity is a team effort. While red hats are often a step ahead, staying vigilant, using strong passwords and keeping software updated can make a huge difference.

    RHC Dark Lab
    RHC Dark Lab is a group of experts from the Red Hot Cyber community dedicated to Cyber Threat Intelligence, led by Pietro Melillo. Participating in the collective are Sandro Sana, Alessio Stefan, Raffaela Crisci, Vincenzo Di Lello and Edoardo Faccioli. Their mission is to spread knowledge about cyber threats to improve the country's awareness and digital defences, involving not only specialists in the field but also ordinary people. The aim is to disseminate Cyber Threat Intelligence concepts to anticipate threats.