What’s ShrinkLocker?
ShrinkLocker is a household of ransomware that encrypts an organisation’s information and calls for a ransom fee with the intention to restore entry to their recordsdata. It was first recognized by safety researchers in Could 2024, after assaults have been noticed in Mexico, Indonesia, and Jordan.
To date, so regular. What makes it noteworthy?
The ShrinkLocker ransomware is uncommon as a result of it makes use of VBScript and Microsoft Home windows’s official safety device BitLocker to help with the encryption of victims’ recordsdata.
Hold on. You imply BitLocker, the full-disk-encryption function that is presupposed to increase safety by stopping anybody with out correct authentication from accessing your recordsdata?
That is the one. Ironic is not it? BitLocker, for anybody who does not know, is a function constructed into Home windows that makes use of sturdy encryption to scramble information in your pc’s laborious drive. If you do not know the password to unlock a pc, you’ll be able to’t entry its information.
Which is nice in case your laptop computer is stolen by a thief…
…however not so good if ShrinkLocker is the one which’s chosen to scramble your information with Bitlocker, and never informed you the password it used. Your pc will not have the ability to inform the distinction between you and a thief – and preserve you each locked out. Anybody beginning up the pc shall be confronted with the usual BitLocker immediate for a password.
Has BitLocker been used on this means earlier than by cybercriminals?
Sure, for example in January 2021 a Belgian hospital had 100TB of its information encrypted on 40 of its servers utilizing BitLocker. The next yr a Moscow-based meat producer and distributor reportedly had its programs encrypted by a malicious attacker utilizing BitLocker.
Maybe probably the most high-profile abuse of the built-in BitLocker device has been by the Iranian cybercrime gang Storm-0270 (also referred to as Nemesis Kitten), which Microsoft claimed in September 2022 had been accountable for a number of ransomware assaults.
So, does ShrinkLocker depart a ransom be aware?
No, as a substitute it adjustments the names of all your system drives to a contact tackle for the attacker.
So how do I get my arms on the password with out paying up?
Sadly, the password used to encrypt your drive has been saved on the attacker’s personal server.
However the excellent news is that safety agency Bitdefender has launched a free decryption device that may assist ShrinkLocker victims get well their recordsdata.
Editor’s Word: The opinions expressed on this visitor creator article are solely these of the contributor and don’t essentially replicate these of Tripwire.
