ShrinkLocker Ransomware Exploits Microsoft BitLocker for File Encryption

TL;DR Summary
A new ransomware strain called ShrinkLocker uses Windows BitLocker to encrypt files by creating new boot partitions, targeting government entities and companies in the vaccine and manufacturing sectors. Written in VBScript, ShrinkLocker detects specific Windows versions and modifies registry entries to disable remote desktop connections and enable BitLocker encryption without a TPM. The malware deletes BitLocker protectors to prevent recovery and uses TryCloudflare to deliver encryption keys. Kaspersky advises secure storage of recovery keys and regular offline backups to mitigate such attacks.
- New ShrinkLocker ransomware uses BitLocker to encrypt your files (BleepingComputer)
- Here's yet more ransomware using BitLocker against Microsoft's own users (The Register)
- New ransomware group abusing BitLocker (Securelist)
- Novel ShrinkLocker ransomware exploits Microsoft BitLocker (SC Media)
- ShrinkLocker Ransomware Exploits Microsoft's BitLocker (GovInfoSecurity.com)