Security News > 2024 > May > What Is ShrinkLocker? New Ransomware Targets Microsoft BitLocker Encryption Feature
It exploits the Microsoft BitLocker encryption feature to encrypt the entire local drive and remove the recovery options before shutting down the PC. ShrinkLocker was discovered by cybersecurity firm Kaspersky, and analysts have observed variants in Mexico, Indonesia and Jordan.
BitLocker has been used to stage ransomware attacks in the past, but this strain has "Previously unreported features to maximise the damage of the attack," Kaspersky said in a press release.
Attackers might deploy ShrinkLocker on a device by exploiting unpatched vulnerabilities, stolen credentials or internet-facing services to gain access to servers.
In a technical analysis, Kaspersky analysts describe both the detection of a ShrinkLocker attack and the decryption process as "Difficult." The latter is particularly hard because the malicious script contains variables that are different for each affected system.
Kaspersky experts have, so far, not been able to identify the source of the ShrinkLocker attacks or where the decryption keys and other device information are sent.
The following year, another attacker targeted one of Russia's largest meat suppliers in the same way, before Microsoft reported the Iranian government had sponsored a number of BitLocker-based ransomware attacks that demanded thousands of U.S. dollars for the decryption key.
News URL
https://www.techrepublic.com/article/bitlocker-ransomware-shrinklocker/
Related news
- Here's yet more ransomware using BitLocker against Microsoft's own users (source)
- Cybercriminals Exploiting Microsoft’s Quick Assist Feature in Ransomware Attacks (source)
- Crims abusing Microsoft Quick Assist to deploy Black Basta ransomware (source)
- New ShrinkLocker ransomware uses BitLocker to encrypt your files (source)
- Microsoft links North Korean hackers to new FakePenny ransomware (source)