Interlock Ransomware: New Techniques, Same Old Tricks
ID: f0ca7c20-a64f-591c-ad0e-193494d90f1d
STIX ID: report--f0ca7c20-a64f-591c-ad0e-193494d90f1d
Feed Name: Fortinet Blog
**Executive Summary:** FortiGuard documents a multi-stage Interlock ransomware intrusion against an education-sector organization. Initial access began with a MintLoader PowerShell download and progressed through NodeSnakeRAT/Interlock RAT implants and credential harvesting. The adversary then exfiltrated roughly 250 GB in bulk using AZCopy and ScreenConnect-assisted RDP, and culminated the intrusion with large-scale encryption of Windows hosts and Nutanix storage, using both JavaScript and ELF ransomware variants. During the operation the adversary also deployed a BYOVD "Hotta Killer" driver in an attempt to disable Fortinet defenses. The report provides detailed malware analysis, IOCs, MITRE ATT&CK mappings, and mitigations.
