The Interlock ransomware group is an emerging threat actor that surfaced in 2024, quickly gaining attention for targeted, financially motivated attacks. Interlock appears to operate under a ransomware-as-a-service (RaaS) or affiliate-based model and primarily targets mid-sized to large organizations, particularly those with complex enterprise networks.
Interlock employs double extortion tactics, stealing sensitive data before encrypting systems and threatening public disclosure if ransom demands are not met. Initial access has been linked to compromised credentials, phishing activity, and exploitation of exposed or unpatched remote services. Once inside, the group moves laterally using legitimate administrative tools to evade detection.
From a technical perspective, Interlock relies on established ransomware techniques, including disabling backups and security controls prior to encryption, rather than novel exploits.
