Detecting a new type of dangerous ransomware that uses Windows BitLocker to encrypt data.
Cyber security experts at Kaspersky have just discovered a new strain of ransomware called ShrinkLocker, which uses Windows' BitLocker encryption tool to lock data on the victim's computer. This type of ransomware has attacked many government agencies, manufacturing and pharmaceutical companies in Mexico, Indonesia and Jordan.
Windows BitLocker data protection tool is being exploited for malicious purposes.
ShrinkLocker works by shrinking non-boot partitions on the hard drive, then creating new boot partitions and using BitLocker to encrypt the data on them. This leaves the victim unable to access his data and is required to pay a ransom to regain control.
What's special about ShrinkLocker is that it doesn't leave a ransom note like other malware, but instead labels new boot partitions with email addresses, presumably to let victims contact the attackers. attack. Furthermore, after encrypting data, ShrinkLocker will remove all BitLocker recovery options on Windows, leaving the victim unable to recover the encryption key and completely losing control of the data.
ShrinkLocker also removes Windows BitLocker recovery options.
Although BitLocker is a legitimate Windows security feature, ShrinkLocker took advantage of it to cause great damage to victims. Experts warn that this is a new and dangerous threat that needs to be alert and prevented.
Faced with this situation, Windows users are advised to update their operating system and anti-virus software regularly, back up important data periodically, and not open suspicious files or links from emails or websites that are not unknown. clear origin.
