Here’s yet more ransomware using BitLocker against Microsoft’s own users


May 23, 2024 at 05:34PM

Ransomware dubbed ShrinkLocker, utilizing Microsoft BitLocker to encrypt and extort payments, has been spotted by Kaspersky’s security team. The malware targets various sectors and hinders effective response, maximizing damage. It uses VBScript to determine the OS and allows attackers to change partition labels, extort victims, and delete recovery options. Kaspersky recommends defense measures.

Kaspersky has identified a new strain of ransomware, called ShrinkLocker. This malware uses Microsoft BitLocker to encrypt corporate files and extort payments from victim organizations. ShrinkLocker targets specific industries and government entities in various countries and uses VBScript and Windows Management Instrumentation to carry out its attacks. The antivirus maker’s Global Emergency Response team has shared technical details for detecting and blocking ShrinkLocker variants. Kaspersky also recommends limiting user privileges, using strong passwords for BitLocker, monitoring for malicious script execution, and frequently backing up and testing systems and files to avoid falling victim to ransomware infections.
