Thursday, 3 April 2025

New ransomware exploiting Windows BitLocker discovered

A new ransomware strain, ShrinkLocker, uses Windows BitLocker to encrypt files, targeting government agencies and manufacturing firms.

Cybersecurity researchers recently uncovered a new strain of ransomware that utilises Windows BitLocker to lock users out of their devices. Dubbed ShrinkLocker by Kaspersky, this ransomware has been observed targeting government agencies and firms in the manufacturing and pharmaceutical sectors.

How ShrinkLocker works

When ShrinkLocker infects a system, it shrinks available non-boot partitions by 100 MB and creates new primary boot volumes of the same size. It then uses BitLocker, a feature in some versions of Microsoft Windows, to encrypt the files on the device.

Unlike other ransomware variants, ShrinkLocker does not leave a ransom note. Instead, it labels new boot partitions with email addresses, presumably encouraging victims to communicate through this channel. Additionally, ShrinkLocker deletes all BitLocker protectors after encrypting the files, leaving victims with no way to recover the encryption key. The attackers hold the key, obtained through TryCloudflare, a legitimate tool developers use to test Cloudflare’s tunnel without adding a site to Cloudflare’s DNS.
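The behaviours described above leave traces a responder can check on a suspect Windows host. The following triage script is an added example, not code from the article or from Kaspersky; the function name, the e-mail pattern and the size tolerance are assumptions chosen for illustration, not published indicators.

```powershell
# Added triage example (not from the article). Run in an elevated PowerShell
# session on Windows; Get-BitLockerVolume needs the BitLocker module.
# Function name, e-mail pattern and size tolerance are assumptions.
function Get-ShrinkLockerIndicator {
    [CmdletBinding()]
    param(
        [string]$EmailPattern = '[^@\s]+@[^@\s]+\.[^@\s]+',
        [double]$TargetSize   = 100MB,
        [double]$Tolerance    = 5MB
    )

    # 1. Volume labels containing something shaped like an e-mail address.
    Get-Volume | Where-Object { $_.FileSystemLabel -match $EmailPattern } |
        ForEach-Object {
            [pscustomobject]@{
                Indicator = 'EmailLikeVolumeLabel'
                Target    = if ($_.DriveLetter) { "$($_.DriveLetter):" } else { $_.Path }
                Detail    = $_.FileSystemLabel
            }
        }

    # 2. Partitions of about 100 MB. EFI system and System Reserved partitions
    #    are often this size too, so treat this as context, not a verdict.
    Get-Partition |
        Where-Object { [Math]::Abs([double]$_.Size - $TargetSize) -le $Tolerance } |
        ForEach-Object {
            [pscustomobject]@{
                Indicator = 'SmallPartitionNear100MB'
                Target    = "Disk $($_.DiskNumber) Partition $($_.PartitionNumber)"
                Detail    = "Type=$($_.Type); Size=$($_.Size)"
            }
        }

    # 3. BitLocker volumes that hold encrypted data but have no key protector.
    #    -not is true for both a null and an empty KeyProtector collection.
    Get-BitLockerVolume | Where-Object {
        $_.VolumeStatus -ne 'FullyDecrypted' -and -not $_.KeyProtector
    } | ForEach-Object {
        [pscustomobject]@{
            Indicator = 'EncryptedVolumeWithoutProtectors'
            Target    = $_.MountPoint
            Detail    = "VolumeStatus=$($_.VolumeStatus); Encrypted=$($_.EncryptionPercentage)%"
        }
    }
}

Get-ShrinkLockerIndicator | Format-Table -AutoSize
```

A host that shows the first and third indicators together warrants isolation and imaging before any reboot; the second indicator alone is common on healthy systems.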

Previous incidents of BitLocker-based attacks

While ShrinkLocker is not the first ransomware to use BitLocker, it does introduce new features to increase the attack’s impact. In the past, a hospital in Belgium fell victim to a ransomware strain that encrypted 100 TB of data on 40 servers using BitLocker. Miratorg Holding, a meat producer and distributor in Russia, suffered a similar fate in 2022.

International impact

ShrinkLocker has already affected organisations in Mexico, Indonesia, and Jordan, including steel and vaccine manufacturing companies. The full extent of the damage caused by this ransomware is yet to be determined.
