New ShrinkLocker Ransomware Exploits BitLocker to Encrypt Files

 

The new ransomware strain, ShrinkLocker, is creating significant concerns by using Windows BitLocker to encrypt corporate systems through the creation of new boot partitions.
ShrinkLocker, named for its method of creating a boot volume by shrinking available non-boot partitions, has been targeting government entities and companies in the vaccine and manufacturing sectors.
Using BitLocker to encrypt computers isn’t new. Previously, threat actors have used this security feature to encrypt 100TB of data on 40 servers at a Belgian hospital and to target a Moscow-based meat producer and distributor. In September 2022, Microsoft warned about an Iranian state-sponsored attacker using BitLocker to encrypt systems running Windows 10, Windows 11, or Windows Server 2016 and newer.
Kaspersky reports that ShrinkLocker includes previously unreported features designed to maximize damage. Written in Visual Basic Scripting Edition (VBScript), ShrinkLocker uses Windows Management Instrumentation (WMI) to detect the specific Windows version on the target machine and proceeds only if certain conditions are met, such as the current domain matching the target and the OS version being newer than Vista. If they are not met, ShrinkLocker deletes itself.
If the target meets the requirements, the malware uses the Windows diskpart utility to shrink each non-boot partition by 100MB, creating new p

[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.
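One detection that follows from the behaviour described above: VBScript files run under the Windows Script Host (wscript.exe or cscript.exe), so diskpart.exe started by either one is worth an alert. This is an added example, not code from the article or from Kaspersky's report; the JSON event format, field names, hosts and timestamps are constructed assumptions.

```python
import json
import ntpath
from collections import defaultdict

# Windows Script Host binaries, which are what execute a .vbs file.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
TARGET = "diskpart.exe"

# Constructed sample events (assumed format: one JSON object per line).
SAMPLE_EVENTS = r"""
{"ts": "2024-05-27T10:00:01Z", "host": "WS-01", "image": "C:\\Windows\\System32\\diskpart.exe", "parent_image": "C:\\Windows\\System32\\wscript.exe"}
{"ts": "2024-05-27T10:00:09Z", "host": "WS-01", "image": "C:\\WINDOWS\\system32\\DISKPART.EXE", "parent_image": "C:\\Windows\\System32\\CSCRIPT.EXE"}
{"ts": "2024-05-27T11:30:00Z", "host": "WS-02", "image": "C:\\Windows\\System32\\diskpart.exe", "parent_image": "C:\\Windows\\System32\\cmd.exe"}
{"ts": "2024-05-27T11:31:00Z", "host": "WS-02", "image": "C:\\Windows\\System32\\notepad.exe", "parent_image": "C:\\Windows\\System32\\wscript.exe"}
{"ts": "2024-05-27T11:32:00Z", "host": "WS-03", "image": "C:\\Windows\\System32\\diskpart.exe"}
this line is truncated and not valid JSON
"""


def exe_name(path):
    """Lower-cased file name of a Windows path; tolerates missing values."""
    return ntpath.basename(str(path or "")).lower()


def find_scripted_diskpart(log_text):
    """Return {host: [timestamps]} for diskpart.exe started by a script host."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or damaged line: skip rather than abort the scan
        if not isinstance(event, dict):
            continue
        if (exe_name(event.get("image")) == TARGET
                and exe_name(event.get("parent_image")) in SCRIPT_HOSTS):
            hits[event.get("host", "unknown")].append(event.get("ts"))
    return dict(hits)


if __name__ == "__main__":
    for host, times in find_scripted_diskpart(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: diskpart.exe launched by a script host at {times}")
```

Interactive or cmd.exe-launched diskpart use (WS-02 in the sample) is deliberately not flagged, which keeps the rule quiet on hosts where administrators partition disks by hand.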

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
