Interlock Ransomware Hijacks Weak Firewalls, AWS Warns Enterprises

AWS security researchers uncovered a new ransomware campaign dubbed “Interlock” that actively scans for misconfigured or outdated enterprise firewalls. Once a vulnerable device is found, the attackers establish a command‑and‑control channel through a rotating set of domains, deliver an encryption payload, and immediately lock critical services, demanding a ransom to restore access.

The threat is especially concerning because firewalls are a primary line of defense; compromising them gives attackers direct network reach and the ability to disrupt operations across the entire organization. Defenders must audit firewall configurations, enforce strong authentication, segment networks, and monitor for the distinctive C2 traffic patterns associated with Interlock to prevent a costly breach.

Categories: Malware & Ransomware, Threat Intelligence

Source: Read original article