ShrinkLocker: Turning BitLocker into ransomware


The original purpose of BitLocker is to address the risks of data theft or exposure from lost, stolen, or improperly decommissioned devices.

Nonetheless, threat actors have discovered that this mechanism can be repurposed for malicious ends to great effect. In the incident we responded to, the attackers deployed and ran an advanced VBS script that abused BitLocker for unauthorized file encryption. We spotted this script and its modified versions in Mexico, Indonesia, and Jordan. In the sections below, we analyze in detail the malicious code obtained during our incident response effort and provide tips for mitigating this kind of threat.

Read more…
Source: Kaspersky