
Hackers use the ShrinkLocker ransomware to corrupt your BitLocker

The malware deletes files and logs related to it


Published on May 25, 2024


ShrinkLocker is the name of the new ransomware that’s affecting Microsoft’s BitLocker. Like most ransomware, it encrypts corporate files, steals decryption keys, and asks you to pay a ransom to retrieve them. So, BitLocker isn’t safe on modern devices.

Global Emergency Response, the maker of the Kaspersky antivirus, discovered and named it. According to them, the ransomware targets steel and vaccine manufacturing companies and governmental institutions in Mexico, Indonesia, and Jordan.

How did the hackers develop the ShrinkLocker ransomware?

Cybercriminals created the ShrinkLocker ransomware using Visual Basic Scripting (VBScript), a deprecated programming language for automating tasks and controlling applications on Windows-based systems. The ShrinkLocker script can check which version of Windows you are running. According to Kaspersky, it can attack new and old systems dating back to Windows 2008.

The ShrinkLocker ransomware will delete itself if your device doesn’t meet the requirements of the wrongdoer. For example, if your domain doesn’t match the target or your device is older than Vista, it won’t affect you.

If your device is suitable for the attack, ShrinkLocker will change your boot settings. Then, it will use BitLocker to attempt to encrypt your partitions. Besides that, it will use the diskpart command to shrink your non-Windows partitions. Afterward, it creates primary volumes using the unallocated space left and reinstalls the boot files on the new partitions.

The ransomware locks you out

ShrinkLocker can lock you out of your device because it removes the security systems of your BitLocker encryption key to prevent you from recovering it. The ransomware removes the key from your device after sending it to the hackers.

When the malware finishes its process, it shuts down your device and leaves you with all drives locked and without a way to recover what’s lost. Also, it deletes the files and logs that could lead to details about the attack. On top of that, if you attempt to open your device, it shows the following message: “There are no more BitLocker recovery options on your PC.”

Ultimately, to protect your device and organization from the ShrinkLocker ransomware, you can use an Endpoint Protection Platform (EPP) solution. It will help you find out if anyone tried to tinker with your BitLocker, limit users, and track events related to VBS and PowerShell.
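To make the "track events related to VBS and PowerShell" advice concrete, here is a small detection sketch added for illustration; it is not code from this article or from Kaspersky. It flags script hosts that launch disk, boot or BitLocker tooling, which is the behaviour described above. The event layout, the tool names other than diskpart, and the 30-minute window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ntpath import basename  # handles Windows paths on any OS

# Script hosts the article says should be tracked (VBS and PowerShell).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe"}
# Child tools mapped to a behaviour from the article. Only diskpart is
# named there; the other three are assumptions about built-in utilities.
WATCHED = {
    "diskpart.exe": "partition-change",
    "manage-bde.exe": "bitlocker-change",
    "bcdedit.exe": "boot-config-change",
    "bcdboot.exe": "boot-config-change",
}
WINDOW = timedelta(minutes=30)  # assumed correlation window

# Constructed process-creation events: (host, time, parent image, image).
SYS = "C:\\Windows\\System32\\"
SAMPLE_EVENTS = [
    ("WS-01", "2024-05-25T10:00:00", SYS + "wscript.exe", SYS + "diskpart.exe"),
    ("WS-01", "2024-05-25T10:05:00", SYS + "wscript.exe", SYS + "manage-bde.exe"),
    ("WS-02", "2024-05-25T10:10:00", "C:\\Windows\\explorer.exe", SYS + "diskpart.exe"),
    ("WS-03", "2024-05-25T09:00:00", SYS + "powershell.exe", SYS + "bcdedit.exe"),
    ("WS-04", "2024-05-25T08:00:00", SYS + "cscript.exe", SYS + "diskpart.exe"),
    ("WS-04", "2024-05-25T12:00:00", SYS + "cscript.exe", SYS + "manage-bde.exe"),
]

def detect(events):
    """Return {host: severity} for script hosts spawning watched tools."""
    hits = defaultdict(list)
    for host, ts, parent, image in events:
        child = basename(image).lower()
        if basename(parent).lower() in SCRIPT_HOSTS and child in WATCHED:
            hits[host].append((datetime.fromisoformat(ts), WATCHED[child]))
    alerts = {}
    for host, items in hits.items():
        items.sort()
        most = 1
        for i, (start, _) in enumerate(items):
            # Distinct behaviours seen within WINDOW of this event.
            kinds = {k for t, k in items[i:] if t - start <= WINDOW}
            most = max(most, len(kinds))
        # Two or more behaviours close together is the pattern of concern.
        alerts[host] = "high" if most >= 2 else "review"
    return alerts

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

In practice the events would come from process-creation logging with parent process details, and any host rated "high" should be isolated before it reboots.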

Did you ever encounter a BitLocker malware? Let us know in the comments.


Sebastian Filipoiu

Sebastian is a content writer with a desire to learn everything new about AI and gaming. So, he spends his time writing prompts on various LLMs to understand them better. Additionally, Sebastian has experience fixing performance-related problems in video games and knows his way around Windows. Also, he is interested in anything related to quantum technology and becomes a research freak when he wants to learn more.
