Security News

It exploits the Microsoft BitLocker encryption feature to encrypt the entire local drive and remove the recovery options before shutting down the PC. ShrinkLocker was discovered by cybersecurity firm Kaspersky, and analysts have observed variants in Mexico, Indonesia and Jordan. BitLocker has been used to stage ransomware attacks in the past, but this strain has "Previously unreported features to maximise the damage of the attack," Kaspersky said in a press release.

A new ransomware strain called ShrinkLocker creates a new boot partition to encrypt corporate systems using Windows BitLocker. Ransomware using BitLocker to encrypt computers is not new.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Microsoft has fixed a known issue causing incorrect BitLocker drive encryption errors in some managed Windows environments. "Affected environments are those with the 'Enforce drive encryption type on operating system drives' or 'Enforce drive encryption on fixed drives' policies set to enabled and selecting either 'full encryption' or 'used space only'."

We're very familiar with the many projects in which Raspberry Pi hardware is used, from giving old computers a new lease of life through to running the animated displays so beloved by retailers. The technique was published in a YouTube video over the weekend and demonstrated how a Raspberry Pi Pico can be used to gain access to a BitLocker-secured device in under a minute, provided you have physical access to the device.

Microsoft has released a PowerShell script to automate updating the Windows Recovery Environment partition in order to fix CVE-2024-20666, a vulnerability that allowed for BitLocker encryption bypass. As Microsoft explains, this happens because instead of displaying a CBS E INSUFFICIENT DISK SPACE error when the WinRE partition is not large enough, Windows Update incorrectly says the generic "0x80070643 - ERROR INSTALL FAILURE" error message instead. ?This happens because the WinRE image file deployed when installing the KB5034441 security update is too large for the recovery partition.

Microsoft warned customers this week of incorrect BitLocker drive encryption errors being shown in some managed Windows environments. The issue also only impacts environments where drive encryption is enforced for OS and fixed drives.

Microsoft has released a script to make it easier to patch a BitLocker bypass security vulnerability in the Windows Recovery Environment. This PowerShell script simplifies the process of securing WinRE images against attempts to exploit the CVE-2022-41099 flaw that enables attackers to bypass the BitLocker Device Encryption feature system storage devices.

Microsoft says an Iranian state-sponsored threat group it tracks as DEV-0270 has been abusing the BitLocker Windows feature in attacks to encrypt victims' systems. This aligns with Microsoft's findings that DEV-0270 uses BitLocker, a data protection feature that provides full volume encryption on devices running Windows 10, Windows 11, or Windows Server 2016 and above.

Windows users who have installed a new KB5012170 security update for Secure Boot have encountered various issues, ranging from boots failing with BitLocker Recovery prompts to performance issues. During the August 2022 Patch Tuesday, Microsoft released the standalone KB5012170 'Security update for Secure Boot DBX' to resolve vulnerabilities found in various UEFI bootloaders that threat actors could use to bypass the Windows Secure Boot feature and execute unsigned code.