in , ,

BitLocker Is Used Against You by ShrinkLocker Ransomware: Encryption-Craving Malware Aimed at Industries and Governments

Read Time:3 Minute, 9 Second

Unsettlingly, a new ransomware outbreak called “ShrinkLocker” has repurposed BitLocker as a weapon. This new assault technique turns the well-known BitLocker encryption mechanism into a far more potent and widespread weapon. The fact that ShrinkLocker has already been used against manufacturing and governmental organizations indicates a major advancement in ransomware capabilities.

Kaspersky Discovers the Range of ShrinkLocker

Leading cybersecurity company Kaspersky, known for its anti-virus software and innovative malware research, has discovered ShrinkLocker in a number of nations, including Mexico, Indonesia, and Jordan. The assaults have only thus far focused on corporate PCs. While BitLocker-based assaults are not new, ShrinkLocker has distinctive features that make it stand out.

The Workings of ShrinkLocker

ShrinkLocker uses Windows programming language VBScript, which is outdated and will be deprecated with Windows 11 24H2, to identify the host computer’s operating system. The malicious malware initiates a customized BitLocker setup procedure after identifying the operating system. On any PC running Windows Vista or Windows Server 2008 or later, this activates BitLocker. If the operating system is too old, ShrinkLocker disappears by itself.

The next action taken by the virus is to reduce the size of every disk partition by 100MB in order to make room for a new boot partition; thus the term “ShrinkLocker.” After that, it removes every protector holding the encryption key, making it impossible for the victim to recover. A fresh, randomly generated 64-character encryption key is created and sent to the attacker, along with other relevant details on the hacked system. After deleting activity records and forcing a system shutdown, the script locks and encrypts every device on the computer using the newly formed boot partition. As a result, the computer and its contents are totally unreachable.

See also  According to a recent study, vaping can affect blood pressure and heart rate.

The Disastrous Effect

The clever assault by ShrinkLocker effectively bricks victims’ hard drives. Because the attack’s designer is so knowledgeable about hidden Windows internals and tools, the virus is incredibly covert. The source of the attack and the final destination of the stolen data could not be determined by Kaspersky’s research. On one compromised PC, however, a ShrinkLocker script that was left behind did not have BitLocker configured.

In contrast to other ransomware assaults, ShrinkLocker makes it difficult to recover the ransom money. It takes more research than just editing the BitLocker recovery screen to find the new boot partition, which is renamed to the attacker’s email address. This intricacy raises the possibility that disruption and data destruction, rather than monetary gain, may be ShrinkLocker’s main objectives.

Strategies for Mitigation and Prevention

IT specialists may take the following actions to lessen the threats that ShrinkLocker and related malware pose:

  1. Regular Backups: To guarantee recovery in the event of an attack, regularly backup important data.
  2. User Privilege Management: To avoid unwanted modifications, limit users’ access to BitLocker registry entries and settings.
  3. Advanced Security Solutions: To monitor and safeguard your network, use high-end Endpoint Protection Platforms (EPP) or Managed Detection and Response (MDR) systems.

Kaspersky naturally suggests its own solutions for strong protection in its technical analysis on ShrinkLocker.

The Wider Consequences

An extensive technical study of the script and the ShrinkLocker attack is available from Kaspersky. Although BitLocker can only be found on “Pro” or corporate editions of Windows at the moment, Microsoft intends to make BitLocker available to all users beginning with Windows 11 24H2. BitLocker will now be activated immediately upon reinstallation thanks to this upgrade, which may make BitLocker-based attacks more accessible to specific PCs.

See also  Hurricane Season's Final Chapter: Late-Season Storm Threats Emerge

The weaponization of BitLocker by ShrinkLocker emphasizes the necessity of increased awareness and preventative security measures as ransomware assaults continue to develop. It is imperative for both individuals and enterprises to be well-informed and equipped to tackle complex threats and safeguard data in the ever-more-perilous digital realm.

What do you think?

Tests of the SpaceX Raptor Engine End in a Fiery Explosion

While Iowa recuperates from tornado damage, the Midwest is hit by more severe weather.