Monday, October 27, 2025

ShrinkLocker Ransomware: What You Need To Know


What is ShrinkLocker?

ShrinkLocker is a family of ransomware that encrypts an organisation’s data and demands a ransom payment in order to restore access to their files. It was first identified by security researchers in May 2024, after attacks were observed in Mexico, Indonesia, and Jordan.

So far, so normal. What makes it noteworthy?

The ShrinkLocker ransomware is unusual because it uses VBScript and Microsoft Windows’s legitimate security tool BitLocker to assist with the encryption of victims’ files.

Hold on. You mean BitLocker, the full-disk-encryption feature that is supposed to increase security by preventing anyone without proper authentication from accessing your files?

That’s the one. Ironic, isn’t it? BitLocker, for anyone who doesn’t know, is a feature built into Windows that uses strong encryption to scramble data on your computer’s hard drive. If you don’t know the password to unlock a computer, you can’t access its data.

Which is great if your laptop is stolen by a thief…

…but not so good if ShrinkLocker is the one that has chosen to scramble your data with BitLocker, and not told you the password it used. Your computer won’t be able to tell the difference between you and a thief, and will keep you both locked out. Anyone starting up the computer will be confronted with the standard BitLocker prompt for a password.

Has BitLocker been used in this way before by cybercriminals?

Yes, for instance in January 2021 a Belgian hospital had 100TB of its data encrypted on 40 of its servers using BitLocker. The following year a Moscow-based meat producer and distributor reportedly had its systems encrypted by a malicious attacker using BitLocker.

Perhaps the most high-profile abuse of the built-in BitLocker tool has been by the Iranian cybercrime gang Storm-0270 (also known as Nemesis Kitten), which Microsoft claimed in September 2022 had been responsible for a number of ransomware attacks.

So, does ShrinkLocker leave a ransom note?

No, instead it changes the names of all of your system drives to a contact address for the attacker.

So how do I get my hands on the password without paying up?

Unfortunately, the password used to encrypt your drive has been stored on the attacker’s own server.

But the good news is that security firm Bitdefender has released a free decryption tool that may help ShrinkLocker victims recover their files.
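
A defender's triage check for the two behaviours described above (drives encrypted with BitLocker, and drive names replaced with a contact address), as an added example that is not from the original article or from Bitdefender's tool. It assumes the contact address is an e-mail address and runs in an elevated PowerShell session on a host that is still up; the function names are hypothetical.

```powershell
# Added example: flag volumes whose label looks like a contact address and
# report their BitLocker state alongside it.
# Assumption: the "contact address" is an e-mail address; adjust the pattern if not.
$emailPattern = '^[^@\s]+@[^@\s]+\.[^@\s]+$'

function Test-SuspiciousLabel {
    param([string]$Label)
    # True when the whole label is shaped like user@domain.tld
    return [bool]($Label -and ($Label.Trim() -match $emailPattern))
}

function Get-VolumeTriage {
    # Index BitLocker state by mount point (for example "C:") for the lookup below.
    $bitlocker = @{}
    foreach ($blv in Get-BitLockerVolume -ErrorAction SilentlyContinue) {
        $bitlocker[$blv.MountPoint] = $blv
    }

    # Only volumes with a drive letter are considered.
    foreach ($vol in Get-Volume | Where-Object DriveLetter) {
        $mount = "$($vol.DriveLetter):"
        $blv   = $bitlocker[$mount]
        [pscustomobject]@{
            Drive            = $mount
            Label            = $vol.FileSystemLabel
            LabelSuspicious  = Test-SuspiciousLabel $vol.FileSystemLabel
            VolumeStatus     = if ($blv) { $blv.VolumeStatus } else { 'Unknown' }
            ProtectionStatus = if ($blv) { $blv.ProtectionStatus } else { 'Unknown' }
            # Protector types show how the volume can be unlocked (password, TPM, ...).
            KeyProtectors    = if ($blv) { $blv.KeyProtector.KeyProtectorType -join ',' } else { '' }
        }
    }
}

$report = @(Get-VolumeTriage)
$report | Format-Table -AutoSize

# A label hit alone is only a lead; review it together with the BitLocker columns.
$hits = @($report | Where-Object LabelSuspicious)
if ($hits.Count -gt 0) {
    Write-Warning ("Volume label resembles a contact address on: " + ($hits.Drive -join ', '))
}
```

A volume that reports encryption in progress or protection on where your organisation never enabled BitLocker deserves the same attention as a label hit.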


Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire.
