Ransomware

Interlock ransomware bolsters stealth in new attacks

U.S. and UK education organizations have been subjected to more clandestine attacks by the Interlock ransomware gang for nearly a year, reports Cyber Security News.

Interlock leveraged ClickFix social engineering tactics to deploy the MintLoader payload that executed the NodeSnakeRAT implant for lateral network movement, according to a Fortinet analysis. Multiple tools, including AZcopy, have also been distributed for extensive data exfiltration ahead of ransomware delivery on targeted Windows endpoints and Nutanix hypervisors. Such ransomware deployment has been concealed by Interlock through the custom Hotta Killer evasion tool, which harnesses a zero-day flaw in the legitimate gaming anti-cheat driver GameDriverx64.sys, tracked as CVE-2025-61155, as part of a Bring Your Own Vulnerable Driver attack. Activation of Hotta Killer allows communication with the illicit driver, as well as kernel termination of security software prior to encryption activities.

Organizations have been urged to prohibit unauthorized remote access software, outbound PowerShell network connections, and SMB and RDP connections between workstations.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds