ShrinkLocker ransomware has been discovered by security researchers, using the BitLocker feature in Windows to encrypt victim data. BitLocker, a full-volume encryptor introduced in Windows Vista in 2007, has seen upgrades in newer versions of Windows to enhance its security features.
Researchers from Kaspersky found ShrinkLocker being used to encrypt data in Mexico, Indonesia, and Jordan, renaming it for its use of BitLocker and its partition shrinking capabilities. This ransomware is not the first to exploit BitLocker, with previous incidents reported in Iran and Russia.
ShrinkLocker uses a VisualBasic script to resize disks and encrypt data, disabling BitLocker key protections in the process. The ransomware generates a 64-character encryption key using various elements and encrypts data on the system. Recovery without the attacker-supplied key is challenging due to the unique values used in key generation.
To protect against ShrinkLocker attacks, Kaspersky recommends robust endpoint protection, proactive threat scanning, strong password usage for BitLocker, minimal user privileges, network traffic monitoring, script logging, offline backups, and frequent testing. Organizations can use provided indicators to determine if they have been targeted by ShrinkLocker.
Overall, the threat of ransomware continues to evolve, with attackers finding new ways to evade detection and cause disruptions to systems.
Vocabulary List:
- ransomware (noun): Software designed to deny access to a computer system or data until a ransom is paid.
- encrypt (verb): To convert information or data into a code to prevent unauthorized access.
- victim (noun): A person who is harmedinjuredor killed as a result of a crime or other event.
- exploit (verb): To make full use of and derive benefit from a resource.
- endpoint (noun): A device that serves as a connection or communication point in a network.
- indicators (noun): Signs or signals that point to a particular condition or result.
