ShrinkLocker: Turning BitLocker into ransomware


The original purpose of BitLocker is to address the risks of data theft or exposure from lost, stolen, or improperly decommissioned devices.

Nonetheless, threat actors have found out that this mechanism can be repurposed for malicious ends to great effect. In that incident, the attackers were able to deploy and run an advanced VBS script that took advantage of BitLocker for unauthorized file encryption. We spotted this script and its modified versions in Mexico, Indonesia, and Jordan. In the sections below, we analyze in detail the malicious code obtained during our incident response effort and provide tips for mitigating this kind of threat.

Read more…
Source: Kaspersky


Sign up for our Newsletter


Related:

  • MediSecure reveals 12.9 million Australians had personal data stolen in cyber attack earlier this year

    July 18, 2024

    eScript provider MediSecure has revealed the personal data of 12.9 million Australians was stolen by hackers earlier this year, making it one of the largest cyber breaches in Australian history. MediSecure, which facilitates electronic prescriptions and dispensing, confirmed it was the victim of a large-scale data breach in May. The company had previously not disclosed how ...

  • HS2 investigating possible misconduct tied to ‘serious’ data breach

    July 18, 2024

    HS2 has launched a formal investigation into allegations of gross misconduct tied to a “serious” data breach earlier in the year, City A.M. understands. Sources allege the incident took place in late May. HS2 Ltd, the company sponsored by the Department for Transport (DfT) to oversee the project, subsequently began an investigation into a potential significant ...

  • Student who created malware worth £45k while living with parents is jailed

    July 17, 2024

    A university student who created malware targeting government websites while living with his parents has been jailed. Amar Tagore, 21, a third year university student, offered buyers malware (malicious software) to disrupt corporate and state-run websites, while living with his parents in Alexandria, West Dunbartonshire. He supplied a tool used by hundreds of online customers to ...

  • London council slammed for ‘severe’ data breach in ‘avoidable’ cyber attack

    July 17, 2024

    Britain’s data watchdog has lambasted London’s Hackney Council for a cyber attack that “severely” impacted residents, saying the breach was “a clear and avoidable error.” In October 2020, hackers infiltrated Hackney’s systems, accessing, encrypting, and in some instances exfiltrating personal data. The compromised information included residents’ names, addresses, racial or ethnic origins, religious beliefs, sexual orientations, ...

  • Disney faces potential data breach, hacker group claims massive leak

    July 15, 2024

    The Walt Disney Company is reeling from a suspected cyberattack by a hacktivist group calling itself NullBulge, exposing a significant amount of sensitive information. NullBulge announced its exploit on 12 July on both the cybercrime forum Breach Forums and X/Twitter. The group said it infiltrated Disney’s internal Slack communication platform, leaking 1.2 terabytes of data online. Read ...

  • Rite Aid confirms data breach following ransomware attack

    July 15, 2024

    American drugstore chain Rite Aid has confirmed that last month’s ransomware attack resulted in data theft. In a statement, the company said it was currently investigating the cyberattack, and is working on sending out data breach notifications to affected customers. “Rite Aid experienced a limited cybersecurity incident in June, and we are finalizing our investigation. We ...