Security Week

Ransomware Group Takes Credit for National Presto Industries Attack

Ionut Arghire Published: April 1, 2025 | Updated: April 1, 2025 2 min read

The InterLock ransomware group over the weekend claimed responsibility for a disruptive cyberattack on National Presto Industries that occurred on March 1.

The home appliance and ammunition company disclosed the incident in early March, in a regulatory filing with the SEC, saying that it was working on restoring systems, while temporary measures had been implemented to maintain critical functions.

National Presto Industries did not say what type of cyberattack it fell victim to, but the outage suggested that ransomware was likely involved.

Over the weekend, InterLock added National Presto Industries’ subsidiary National Defense Corporation to its Tor-based leak site, confirming that ransomware was indeed used in the attack.

The ransomware gang says it stole vast amounts of data from the company, including roughly 450,000 folders containing close to 3 million files.

National Presto Industries has made no public statement regarding the group’s claims. SecurityWeek has emailed the company for additional information and will update this article if a reply arrives.

InterLock told DataBreaches that it attempted to extort the company, but negotiations have been unsuccessful as National Defense Corporation did not consider the incident to be major.

The company allegedly told InterLock that the stolen information would be of no value to others, and that it would experience minimal financial impact from the data breach.

Advertisement. Scroll to continue reading.

National Defense Corporation also allegedly told InterLock that it had already restored its systems, returning all operations back to normal.

The ransomware gang, on the other hand, claims to have encrypted the systems of at least three National Presto Industries entities, including AMTEC, which makes ammunition and explosives for the military and law enforcement.