‘ShrinkLocker’ ransomware flips BitLocker — beware encryption-hungry malware targeting governments

May 27, 2024


TLDR:

ShrinkLocker ransomware uses BitLocker to encrypt PC hard drives. It targets enterprise PCs with a unique method that involves shrinking drive partitions and creating a new boot partition. The attack is designed for disruption and data destruction rather than for ransom. Mitigation steps include frequent backups, restricting editing privileges, and using high-level network security solutions.

Full Article:

The new “ShrinkLocker” ransomware attack weaponizes BitLocker and targets enterprise PCs with novel methods. It uses VBScript to identify the Windows OS and set up BitLocker accordingly, then encrypts all drives on the PC. Unique to ShrinkLocker is that it creates a new boot partition and deletes the encryption key protectors, making data recovery impossible for victims.

Kaspersky discovered the attack in Mexico, Indonesia, and Jordan, and noted that it has already been used against governments and manufacturing industries. The attacker had an extensive understanding of Windows internals and utilities, leaving almost no trace behind. The attack does not provide clear ransom instructions, indicating a focus on disruption and data destruction.

Mitigation steps recommended include making backups, restricting user privileges, and using high-level network security solutions. It is important for IT professionals to stay updated on security measures as BitLocker becomes more prevalent in Windows operating systems.
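
As a detection-side complement to these mitigations, the sketch below triages process-creation events for the behaviour described above: a VBScript host driving BitLocker setup, partition changes and key protector deletion. It is an added example, not code from the article or from Kaspersky's report; the event field names, the mapping to the stock `manage-bde` and `diskpart` tools, and the sample events are assumptions constructed for illustration.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Windows script hosts that execute VBScript.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# Assumed mapping of the described behaviours to stock Windows tools;
# the article does not list the exact commands the script runs.
RULES = [
    ("bitlocker_protector_delete",
     re.compile(r"manage-bde(\.exe)?\b.*-protectors\b.*-delete\b", re.I)),
    ("bitlocker_enable", re.compile(r"manage-bde(\.exe)?\b.*\s-on\b", re.I)),
    ("partition_tool", re.compile(r"\bdiskpart(\.exe)?\b", re.I)),
]

def classify(event):
    """Return (rule, severity) for one process-creation event, or None."""
    parent = basename(event["parent"]).lower()
    for name, pattern in RULES:
        if not pattern.search(event["cmd"]):
            continue
        if parent in SCRIPT_HOSTS:
            return name, "high"    # script host driving disk encryption tools
        if name == "bitlocker_protector_delete":
            return name, "medium"  # rare even for admins, worth a review
    return None

def triage(events):
    """Return (host, rule, severity) for every event that needs attention."""
    hits = []
    for event in events:
        result = classify(event)
        if result:
            hits.append((event["host"], *result))
    return hits

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "WS-01", "parent": r"C:\Windows\System32\wscript.exe",
     "cmd": r"diskpart /s C:\Users\Public\layout.txt"},
    {"host": "WS-01", "parent": r"C:\Windows\System32\wscript.exe",
     "cmd": "manage-bde.exe -on C: -RecoveryPassword"},
    {"host": "WS-01", "parent": r"C:\Windows\System32\cscript.exe",
     "cmd": "manage-bde -protectors -delete C:"},
    {"host": "IT-07",
     "parent": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "manage-bde -protectors -delete D: -Type RecoveryPassword"},
    {"host": "IT-07", "parent": r"C:\Windows\System32\cmd.exe",
     "cmd": "manage-bde -status"},
    {"host": "IT-07", "parent": r"C:\Windows\System32\mmc.exe", "cmd": "diskpart"},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit)
```

Routine administration (`manage-bde -status`, `diskpart` started interactively) stays silent, while the same tools launched from a script host are raised as high severity.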

For a full technical analysis of the attack and script, refer to Kaspersky’s report. As Microsoft plans to enable BitLocker for all users in future Windows releases, individuals need to be aware of potential BitLocker attacks moving into the personal PC world.

