The DaVita ransomware incident has another update:

DaVita submitted a report to HHS on August 1 that has just shown up on HHS's public breach tool. It indicates that DaVita reported the incident to them as affecting
2,689,826 patients. That makes it the 3rd largest incident reported to HHS so far this year.

Previous post on this incident with background on their other incidents over the years at https://databreaches.net/2025/08/05/more-than-1-million-patients-affected-by-davita-ransomware-attack-those-are-preliminary-numbers/

#CISA and #FBI warn of escalating #Interlock #ransomware attacks

https://www.bleepingcomputer.com/news/security/cisa-and-fbi-warn-of-escalating-interlock-ransomware-attacks/

#Interlock #ransomware adopts #FileFix method to deliver #malware

https://www.bleepingcomputer.com/news/security/interlock-ransomware-adopts-filefix-method-to-deliver-malware/

#Interlock #ransomware claims #KetteringHealth breach, leaks stolen data

https://www.bleepingcomputer.com/news/security/interlock-ransomware-claims-kettering-health-breach-leaks-stolen-data/

The Fowler Elementary School District, located in Phoenix, Arizona, has reportedly fallen victim to a cyberattack involving what may be a substantial volume of sensitive data. The incident was claimed by the Interlock ransomware group, which published its announcement on May 3, 2025, through a post on its blog hosted within the Tor network.

https://www.suspectfile.com/data-breach-at-fowler-elementary-school-district-the-interlock-ransomware-groups-attack/

@PogoWasRight @douglevin @funnymonkey
#Interlock #FESD #Infosec #Data_Breach #Ransomware

Updating an incident:

The InterLock ransomware gang has claimed responsibility for the DaVita attack. They claim to have exfiltrated  1,510 GB of data,  683,104 files, and  75,836 folders, and have leaked the file tree and some folder information.

Since the apparition of the #Interlock ransomware, the Sekoia #TDR team observed its operators evolving, improving their toolset (#LummaStealer and #BerserkStealer), and leveraging new techniques such as #ClickFix to deploy the ransomware payload.

https://blog.sekoia.io/interlock-ransomware-evolving-under-the-radar/

#Ransomware strikes again! #Interlock targets healthcare, disrupting patient care & threatening data leaks. Learn how to boost your defenses now. #CyberThreat #Healthcare https://www.defensorum.com/us-healthcare-organizations-targeted-by-new-interlock-ransomware-group/

Trend Micro further said that the threat actors likely created a FreeBSD encryptor as the operating system is commonly used in critical infrastructure, where attacks can cause widespread disruption.

"Interlock targets FreeBSD as it's widely utilized in servers and critical infrastructure. Attackers can disrupt vital services, demand hefty ransoms, and coerce victims into paying," explains Trend Micro.

https://www.bleepingcomputer.com/news/security/meet-interlock-the-new-ransomware-targeting-freebsd-servers/

If anyone gets their hands on the #interlock #malware sample that targets #FreeBSD systems, I'd love to help analyze it: https://www.bleepingcomputer.com/news/security/meet-interlock-the-new-ransomware-targeting-freebsd-servers/