Monday, 17 February 2025

New ransomware exploiting Windows BitLocker discovered

A new ransomware strain, ShrinkLocker, uses Windows BitLocker to encrypt files, targeting government agencies and manufacturing firms.

Cybersecurity researchers recently uncovered a new strain of ransomware that utilises Windows BitLocker to lock users out of their devices. Dubbed ShrinkLocker by Kaspersky, this ransomware has been observed targeting government agencies and firms in the manufacturing and pharmaceutical sectors.

How ShrinkLocker works

When ShrinkLocker infects a system, it shrinks available non-boot partitions by 100 MB and creates new primary boot volumes of the same size. It then uses BitLocker, a feature in some versions of Microsoft Windows, to encrypt the files on the device.

Unlike other ransomware variants, ShrinkLocker does not leave a ransom note. Instead, it labels the new boot partitions with email addresses, presumably to encourage victims to communicate through this channel. Additionally, ShrinkLocker deletes all BitLocker protectors after encrypting the files, leaving victims with no way to recover the encryption key. The attackers hold the key, which they obtain through TryCloudflare, a legitimate tool developers use to test Cloudflare’s tunnel without adding a site to Cloudflare’s DNS.
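The behaviour described above leaves two artefacts a defender can check for on a Windows host: volume labels that look like email addresses, and BitLocker volumes that are encrypted but have no key protectors left. The PowerShell below is an added triage example, not code from Kaspersky or from the article; the function names, the email pattern and the decision to report rather than remediate are assumptions made for illustration.

```powershell
# Added triage example (not from the article). Run in an elevated PowerShell session.
# Assumption: the email-style pattern is a heuristic derived from the behaviour
# described in the article, not a vendor-published signature.
$EmailPattern = '[^@\s]+@[^@\s]+\.[^@\s]+'

function Get-EmailLabelledVolume {
    # Volumes whose file-system label contains something shaped like an email address.
    # Size is reported so ~100 MB volumes (the size named in the article) stand out.
    Get-Volume |
        Where-Object { $_.FileSystemLabel -match $EmailPattern } |
        Select-Object DriveLetter, FileSystemLabel,
            @{ Name = 'SizeMB'; Expression = { [math]::Round($_.Size / 1MB) } }
}

function Get-ProtectorlessBitLockerVolume {
    # Volumes that BitLocker reports as anything other than fully decrypted
    # but that have no key protectors, i.e. nothing a user could unlock with.
    Get-BitLockerVolume |
        Where-Object {
            $_.VolumeStatus -ne 'FullyDecrypted' -and
            @($_.KeyProtector).Count -eq 0
        } |
        Select-Object MountPoint, VolumeStatus, ProtectionStatus
}

$labelHits     = @(Get-EmailLabelledVolume)
$protectorHits = @(Get-ProtectorlessBitLockerVolume)

if ($labelHits.Count -eq 0 -and $protectorHits.Count -eq 0) {
    Write-Output 'No email-style volume labels or protector-less BitLocker volumes found.'
} else {
    if ($labelHits.Count -gt 0) {
        Write-Warning 'Volumes with email-style labels:'
        $labelHits | Format-Table -AutoSize
    }
    if ($protectorHits.Count -gt 0) {
        Write-Warning 'Encrypted volumes with no BitLocker key protectors:'
        $protectorHits | Format-Table -AutoSize
    }
}
```

A hit from either check is a reason to isolate the host and investigate; the label check alone can match legitimately named volumes.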

Previous incidents of BitLocker-based attacks

While ShrinkLocker is not the first ransomware to use BitLocker, it does introduce new features to increase the attack’s impact. In the past, a hospital in Belgium fell victim to a ransomware strain that encrypted 100 TB of data on 40 servers using BitLocker. Miratorg Holding, a meat producer and distributor in Russia, suffered a similar fate in 2022.

International impact

ShrinkLocker has already affected organisations in Mexico, Indonesia, and Jordan, including steel and vaccine manufacturing companies. The full extent of the damage caused by this ransomware is yet to be determined.
