Friday, 22 November 2024

New ransomware exploiting Windows BitLocker discovered

A new ransomware strain, ShrinkLocker, uses Windows BitLocker to encrypt files, targeting government agencies and manufacturing firms.

Cybersecurity researchers recently uncovered a new strain of ransomware that utilises Windows BitLocker to lock users out of their devices. Dubbed ShrinkLocker by Kaspersky, this ransomware has been observed targeting government agencies and firms in the manufacturing and pharmaceutical sectors.

How ShrinkLocker works

When ShrinkLocker infects a system, it shrinks available non-boot partitions by 100 MB and creates new primary boot volumes of the same size. It then uses BitLocker, a feature in some versions of Windows, to encrypt the files on the device.

Unlike other ransomware variants, ShrinkLocker does not leave a ransom note. Instead, it labels new boot partitions with email addresses, presumably encouraging victims to communicate through this channel. Additionally, ShrinkLocker deletes all BitLocker protectors after encrypting the files, leaving victims with no way to recover the encryption key. The attackers hold the key, obtained through TryCloudflare, a legitimate tool developers use to test Cloudflare’s tunnel without adding a site to Cloudflare’s DNS.
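For defenders, the traits described above (an email address used as a volume label, an encrypted volume left with no BitLocker protectors, a new 100 MB partition) can be checked against a fleet's volume inventory. The following is an added example, not code from Kaspersky or from the original article; the record fields (name, label, size_mb, encrypted, key_protectors), the size tolerance and the sample hosts are assumptions constructed for illustration.

```python
import re

# Loose e-mail pattern: enough to spot an address used as a volume label.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")
NEW_PARTITION_MB = 100   # size the article gives for the created boot volumes
SIZE_TOLERANCE_MB = 5    # assumption: allow for rounding in inventory tools

def volume_findings(vol):
    """Return the ShrinkLocker-style traits seen on one volume record."""
    findings = []
    label = (vol.get("label") or "").strip()
    if EMAIL_RE.match(label):
        findings.append("email_label")
    if vol.get("encrypted") and not vol.get("key_protectors"):
        findings.append("encrypted_no_protectors")
    size = vol.get("size_mb")
    if size is not None and abs(size - NEW_PARTITION_MB) <= SIZE_TOLERANCE_MB:
        findings.append("small_100mb_partition")
    return findings

def triage(inventory):
    """Map host -> {volume: findings}, keeping only hosts worth a look."""
    report = {}
    for host, volumes in inventory.items():
        hits = {}
        for vol in volumes:
            found = volume_findings(vol)
            # A 100 MB partition alone is common (for example a default EFI
            # System Partition), so it only counts alongside another trait.
            if found and found != ["small_100mb_partition"]:
                hits[vol["name"]] = found
        if hits:
            report[host] = hits
    return report

# Constructed sample inventory (hypothetical hosts and schema).
SAMPLE = {
    "ws-001": [
        {"name": "C:", "label": "Windows", "size_mb": 243000,
         "encrypted": True, "key_protectors": ["Tpm", "RecoveryPassword"]},
        {"name": "vol2", "label": "SYSTEM", "size_mb": 100,
         "encrypted": False, "key_protectors": []},
    ],
    "srv-014": [
        {"name": "D:", "label": "Data", "size_mb": 511900,
         "encrypted": True, "key_protectors": []},
        {"name": "vol5", "label": "contact@example.invalid", "size_mb": 100,
         "encrypted": False, "key_protectors": []},
    ],
}

if __name__ == "__main__":
    for host, hits in triage(SAMPLE).items():
        print(host, hits)
```

A hit is a prompt for investigation rather than proof of infection, since the inventory fields would need to be populated from whatever volume and BitLocker status export an organisation already collects.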

Previous incidents of BitLocker-based attacks

While ShrinkLocker is not the first ransomware to use BitLocker, it does introduce new features to increase the attack’s impact. In the past, a hospital in Belgium fell victim to a ransomware strain that encrypted 100 TB of data on 40 servers using BitLocker. Miratorg Holding, a meat producer and distributor in Russia, suffered a similar fate in 2022.

International impact

ShrinkLocker has already affected organisations in Mexico, , and Jordan, including steel and vaccine manufacturing companies. The full extent of the damage caused by this ransomware is yet to be determined.
