Newly discovered "Ransomware" uses BitLocker to encrypt victim data

Week 1 - Newly discovered "Ransomware" uses BitLocker to encrypt victim data

5/25/2024

Newly discovered ransomware uses BitLocker to encrypt victim data | Ars Technica

Cybersecurity experts have identified a new ransomware strain named ShrinkLocker that uses Microsoft BitLocker to encrypt corporate files and extort payments from victim organizations. The malware has been detected in Indonesia, Mexico, and Jordan, where it has affected steel and vaccine manufacturers and a government entity.

ShrinkLocker isn't the first malware to leverage BitLocker. In 2022, Microsoft reported that ransomware attackers with a nexus to Iran also used the tool to encrypt files. That same year, the Russian agricultural business Miratorg was attacked by ransomware that used BitLocker to encrypt files residing in the system storage of infected devices. ShrinkLocker disables the protections designed to secure the BitLocker encryption key and goes on to delete them. It then enables the use of a numerical password, both as a protector against anyone else taking back control of BitLocker and as an encryptor for system data. The reason for deleting the default protectors is to disable the key recovery features available to the device owner.
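For defenders, the protector pattern described above can be audited on a host. The following is an added example, not code from the Ars Technica article or from the researchers. It assumes the numerical password shows up as the `RecoveryPassword` protector type in the BitLocker PowerShell module, and that an operating system volume in your environment normally carries a TPM-based protector; the function name and the sample objects are hypothetical.

```powershell
# Added example: flag OS volumes whose only key protector is a numerical password.
# Assumption: your baseline expects a TPM-based protector on operating system volumes.
$TpmProtectorTypes = 'Tpm', 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'

function Find-SuspectProtectorSet {
    param([Parameter(ValueFromPipeline)] $Volume)
    process {
        # Normalise protector types to strings so enum values and sample strings compare alike.
        $types = @($Volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

        $hasTpm      = @($types | Where-Object { $_ -in $TpmProtectorTypes }).Count -gt 0
        $onlyNumeric = ($types.Count -gt 0) -and
                       (@($types | Where-Object { $_ -ne 'RecoveryPassword' }).Count -eq 0)

        if ("$($Volume.VolumeType)" -eq 'OperatingSystem' -and -not $hasTpm -and $onlyNumeric) {
            [pscustomobject]@{
                MountPoint = $Volume.MountPoint
                Protectors = $types -join ','
                Finding    = 'OS volume protected only by a numerical password; no TPM protector'
            }
        }
    }
}

# Constructed sample objects shaped like Get-BitLockerVolume output (not real data).
$sample = @(
    [pscustomobject]@{
        MountPoint   = 'C:'
        VolumeType   = 'OperatingSystem'
        KeyProtector = @([pscustomobject]@{ KeyProtectorType = 'Tpm' },
                         [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' })
    },
    [pscustomobject]@{
        MountPoint   = 'D:'
        VolumeType   = 'OperatingSystem'
        KeyProtector = @([pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' })
    }
)
$sample | Find-SuspectProtectorSet

# On a live host, from an elevated session:
# Get-BitLockerVolume | Find-SuspectProtectorSet
```

A hit is a lead to investigate, not proof of compromise, since some legitimately configured volumes also carry only a recovery password. Comparing the result against a recorded baseline of each host's protectors makes the change itself visible.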


