The Interlock ransomware group is an emerging threat actor that surfaced in late 2024 and has been actively targeting organisations through 2025. Despite a relatively modest number of known victims, Interlock’s campaigns have had outsized impact, compromising large enterprises and critical sectors across North America and Europe. 

The group employs double-extortion tactics: stealing vast amounts of sensitive data and then encrypting systems, leveraging data leaks as additional pressure for ransom payment. Uniquely, Interlock developed ransomware payloads for both Windows and FreeBSD operating systems, enabling them to target not only typical corporate networks but also FreeBSD servers in critical infrastructure. Interlock’s toolset extends beyond ransomware to include custom malware (like the “NodeSnake” (https://www.quorumcyber.com/resources-reports/) remote access Trojan) and infostealers, highlighting a multi-stage attack chain. 

In summary, Interlock represents a financially motivated big-game hunting operation that, while not among the most prolific ransomware gangs yet, has demonstrated rapid evolution in techniques and significant harm to its victims.