back to top
Wednesday, July 24, 2024

New ransomware exploiting Windows BitLocker discovered

A new ransomware strain, ShrinkLocker, uses Windows BitLocker to encrypt files, targeting government agencies and manufacturing firms.



Trending Stories

- Advertisement -

Cybersecurity researchers recently uncovered a new strain of ransomware that utilises Windows BitLocker to lock users out of their devices. Dubbed ShrinkLocker by Kaspersky, this ransomware has been observed targeting agencies and firms in the manufacturing and pharmaceutical sectors.

How ShrinkLocker works

When ShrinkLocker infects a system, it shrinks available non-boot partitions by 100 MB and creates new primary boot volumes of the same size. It then uses BitLocker, a feature in some versions of Microsoft Windows, to encrypt the files on the device.

Unlike other ransomware variants, ShrinkLocker does not leave a ransom note. Instead, it labels new boot partitions with email addresses, presumably encouraging victims to communicate through this channel. Additionally, ShrinkLocker deletes all BitLocker protectors after encrypting the files, leaving victims with no way to recover the encryption key. The attackers hold the key, obtained through TryCloudflare, a legitimate tool developers use to test CloudFlare's tunnel without adding a site to CloudFlare's DNS.

Previous incidents of BitLocker-based attacks

While ShrinkLocker is not the first ransomware to use BitLocker, it does introduce new features to increase the attack's impact. In the past, a hospital in Belgium fell victim to a ransomware strain that encrypted 100 TB of data on 40 using BitLocker. Similarly, Miratorg Holding, a meat producer and distributor in Russia, suffered a similar fate in 2022.

International impact

ShrinkLocker has already affected organisations in Mexico, Indonesia, and Jordan, including steel and vaccine manufacturing companies. The full extent of the damage caused by this ransomware is yet to be determined.

Tech Edition has partnerships that involve sponsored content. While this financial support helps us with daily operations, it doesn't affect the integrity of our reviews. We remain committed to delivering honest and insightful content to our readers.

Tech Edition is now on Telegram! Join our channel here and catch all the latest tech news!

Emma Job
Emma Job
Emma is a freelance news editor at Tech Edition. With a decade's experience in content writing, she revels in both crafting and immersing herself in narratives. From tracking down viral trends to delving into the most recent news stories, her goal is to deliver insightful and timely content to her readers.

Featured Content

Netgear Orbi 970 Series review: Revolutionising home WiFi with unmatched coverage

Read our comprehensive review of the Netgear Orbi 970 Series to discover how it transforms home WiFi with advanced features like WiFi 7, Quad-Band technology, and unparalleled coverage.

Related Stories