
Novel ShrinkLocker ransomware exploits Microsoft BitLocker


Organizations in the steel and vaccine manufacturing sectors, as well as a government entity, in Mexico, Jordan, and Indonesia have been attacked with the novel ShrinkLocker ransomware strain, which exploits Microsoft BitLocker to encrypt files, The Register reports.

Intrusions begin with attackers gaining code execution, followed by the delivery of ShrinkLocker, which then uses a VBScript to determine the operating system version, resize disks, and ensure execution of the malware, according to a report from Kaspersky's Global Emergency Response team.

After modifying partition labels and delivering decryption keys, ShrinkLocker deletes the keys locally and removes system logs before taking down the breached systems, researchers added.

Organizations have been advised to mitigate the threat by implementing managed detection and response solutions, restricting user privileges, using robust credentials, performing frequent data backups, and tracking critical system activity.
