Hackers Exploit Windows BitLocker in New Ransomware Attack

Highlights

  • ShrinkLocker ransomware uses Windows BitLocker to encrypt files.

  • It disables recovery keys and displays the attacker's email for ransom.

  • Recommendations include least privilege, logging, and robust backups.

Kaan Demirel
Last updated: 19 June, 2024 - 1:17 pm

Emerging reports reveal that cybercriminals are leveraging the Windows BitLocker tool in a new ransomware campaign. The attack, known as “ShrinkLocker,” uses BitLocker’s full-disk encryption capabilities to lock users out of their own systems. Subsequently, the attackers demand a ransom for the decryption key, putting users’ data at significant risk. In-depth analysis by cybersecurity firm Kaspersky has shed light on the technical intricacies of this malicious operation.

ShrinkLocker Windows BitLocker

The ShrinkLocker ransomware encrypts local drives and then reduces the size of drive partitions by 100MB to create its own boot partition. This alteration disables BitLocker recovery keys and sends the encryption key to cybercriminals. Upon rebooting, victims are confronted with a standard BitLocker password prompt but are unable to access their systems. Instead of a typical ransom note, the drive labels are changed to display the attacker’s email address for ransom negotiations.

ShrinkLocker employs a VBScript ransomware program to gather information about the operating system version, prepare drives by altering partition sizes, and modify the Windows registry so that BitLocker encrypts the drives according to the attacker’s specifications. The malware disables recovery keys, activates password protection for these keys, generates a password for encrypting the drive, and then uses it to carry out the encryption process.

Recommendations

Security experts recommend several measures to mitigate the risks posed by ShrinkLocker. These include implementing the least privilege principle, which restricts the ability to modify the registry or enable full-disk encryption. Monitoring and logging HTTP POST requests can help detect potential password and key exfiltration. Additionally, it is crucial to monitor and log VBS and PowerShell activities, storing these logs externally to prevent malware from deleting them. Regularly backing up data to offline storage and using reliable endpoint security solutions are also advised. Utilizing Endpoint Detection and Response (EDR) tools can help monitor and respond to suspicious endpoint activities effectively.
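As an added illustration of the VBS and PowerShell logging recommended above (this is not code from Kaspersky or from the original article), the following Python triages exported process-creation events and reports hosts where several of the behaviours described in this article coincide. The JSON field names, the list of disk tools, the alert threshold and the sample events are assumptions constructed for this example.

```python
import json
import re
from collections import defaultdict
from ntpath import basename  # splits on backslashes regardless of host OS

# Field names below are an assumed export schema, not a real product's format.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe"}
# Built-in Windows partitioning/BitLocker tools, chosen for this example.
DISK_TOOLS = {"diskpart.exe", "manage-bde.exe"}
FVE_KEY = r"software\policies\microsoft\fve"  # BitLocker policy registry key
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(\.[\w-]+)+")

def signals(event):
    """Return the set of heuristic names one process-creation event matches."""
    parent = basename(event.get("parent_image", "")).lower()
    image = basename(event.get("image", "")).lower()
    cmd = event.get("command_line", "")
    found = set()
    if parent in SCRIPT_HOSTS and image in DISK_TOOLS:
        found.add("script_host_spawns_disk_tool")
    if FVE_KEY in cmd.lower():
        found.add("bitlocker_policy_key_touched")
    if image == "label.exe" and EMAIL.search(cmd):
        found.add("volume_label_set_to_email")
    return found

def triage(log_lines, threshold=2):
    """Group signals per host; report hosts with >= threshold distinct signals."""
    per_host = defaultdict(set)
    for line in log_lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or malformed records
        per_host[event.get("host", "unknown")] |= signals(event)
    return {h: sorted(s) for h, s in per_host.items() if len(s) >= threshold}

# Constructed sample events (not taken from any real incident).
SAMPLE = [json.dumps(e) for e in (
    {"host": "ws-01", "parent_image": r"C:\Windows\System32\wscript.exe",
     "image": r"C:\Windows\System32\diskpart.exe", "command_line": "diskpart /s p.txt"},
    {"host": "ws-01", "parent_image": r"C:\Windows\System32\wscript.exe",
     "image": r"C:\Windows\System32\label.exe", "command_line": "label C: contact@example.invalid"},
    {"host": "ws-02", "parent_image": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\manage-bde.exe", "command_line": "manage-bde -status"},
)] + ["{truncated"]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Requiring two distinct signals per host keeps an administrator's routine `manage-bde -status` check from raising an alert on its own.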

The ShrinkLocker ransomware has already been reported in regions such as Indonesia, Jordan, and Mexico, highlighting the global reach of these cyber attacks. The use of BitLocker, a built-in Windows utility, by ransomware developers underscores the evolving tactics of cybercriminals in exploiting system tools for malicious purposes. This trend underlines the importance of robust cybersecurity measures to safeguard sensitive data.

Comparatively, earlier ransomware strains typically employed custom encryption algorithms or third-party tools to lock user files. ShrinkLocker’s use of BitLocker represents a shift towards leveraging built-in system utilities, making detection and prevention more challenging. This approach takes advantage of the trust users place in native operating system tools, further complicating efforts to mitigate such attacks.

Furthermore, the tactic of shrinking drive partitions to create boot partitions is a novel method not commonly observed in previous ransomware attacks. This technique effectively prevents users from accessing their data, even if they attempt to use recovery options. As cyber threats continue to evolve, so must the strategies for defending against them.

To address these challenges, organizations and users must stay informed about evolving ransomware tactics and adopt proactive security measures. Regular system updates, employee training on recognizing phishing attempts, and robust access controls are essential components of a comprehensive cybersecurity strategy. Additionally, leveraging advanced threat detection and response tools can provide an added layer of defense against sophisticated ransomware like ShrinkLocker.

Kaan Demirel is a 28-year-old gaming enthusiast residing in Ankara. After graduating from the Statistics department of METU, he completed his master's degree in computer science. Kaan has a particular interest in strategy and simulation games and spends his free time playing competitive games and continuously learning new things about technology and game development. He is also interested in electric vehicles and cyber security. He works as a content editor at NewsLinker, where he leverages his passion for technology and gaming.