Joint advisory flags Interlock ransomware as an active cross-sector threat

CISA and partner agencies say Interlock ransomware activity is affecting businesses and critical infrastructure, with current guidance focused on access control, segmentation, patching, and phishing defense.

What happened

In July 2025, CISA, the FBI, the US Department of Health and Human Services, and the Multi-State Information Sharing and Analysis Center issued a joint advisory on Interlock ransomware. The advisory says the guidance is intended to help businesses and critical infrastructure organisations in North America and Europe defend against Interlock activity, using indicators of compromise and tactics identified through recent FBI investigations.

Why it matters

This is another example of ransomware defense guidance moving beyond isolated victim reporting and into a standing defensive posture. The mitigation guidance is familiar but still important: patch exposed systems, reduce initial access opportunities, segment networks, and tighten identity controls. When agencies keep publishing this style of cross-sector advisory, the message is that ransomware resilience is still being lost through basic weaknesses rather than exotic failure modes.

Who is affected

  • businesses with internet-facing infrastructure and uneven patch discipline
  • healthcare and public-sector operators watching HHS-linked guidance closely
  • security teams responsible for access control, segmentation, and phishing resistance

What to watch next

  • whether Interlock appears more often in public incident attribution
  • whether follow-on reporting links the group to particular sectors or recurring access paths
  • whether organisations operationalise the guidance instead of treating it as another alert to file away

Verification status

This briefing is based on an official multi-agency advisory.