Bitdefender Finds New ShrinkLocker Ransomware, Releases Its Decryptor Instrument

Bitdefender has launched a free decryptor for ShrinkLocker ransomware, which exploits Home windows BitLocker to encrypt techniques. Uncover all in regards to the methods utilized by attackers and the free decryptor instrument launched by Bitdefender to assist victims get better their information.

Cybersecurity researchers at Bitdefender have found a brand new kind of ransomware referred to as ShrinkLocker, and a subsequent answer to fight this menace. The brand new menace was recognized in Might 2024, written in VBScript, and 70% of its code is hard-coded to be “only executed on legacy systems like Windows 7/8 or Windows Server 2008/2012,” researchers famous within the report shared with Hackread.com forward of its publishing.

In contrast to trendy ransomware that depends on complicated encryption algorithms, ShrinkLocker employs a novel strategy to manipulating Home windows BitLocker configurations to encrypt system drives. It is a extra simple path to compromise gadgets. 

What occurs is that it first checks for the presence of BitLocker and, if absent, installs it. Then, it re-encrypts the system utilizing a randomly generated password, recognized solely to the attacker. This password is then uploaded to a server managed by the adversary, rendering the system inaccessible to the sufferer. The attacker then calls for a ransom to offer the decryption key.

Try and get better BitLocker entry reveals electronic mail addresses of the attacker (Screenshot: Bitdefender)

Bitdefender researchers analyzed a ShrinkLocker assault on a Center Japanese healthcare firm the place the attackers gained entry to an unmanaged system. on an Energetic Listing area controller, creating textual content recordsdata and initiating a distant session.

In response to the corporate’s weblog put up, two scheduled duties had been executed beneath the SYSTEM context, making certain widespread deployment of the ransomware. They efficiently encrypted techniques operating numerous working techniques, together with Home windows 10, Home windows 11, Home windows Server 2016, and Home windows Server 2019. 

What makes ShrinkLocker notably regarding is its functionality to compromise total networks with minimal effort. By exploiting Group Coverage Objects (GPOs) and scheduled duties, it could encrypt a number of techniques inside a community in as little as 10 minutes per system. This simplicity makes it a sexy choice for particular person menace actors who will not be a part of bigger ransomware-as-a-service (RaaS) operations.

Free ShrinkLocker Ransomware Decryptor

Nonetheless, Bitdefender Labs researchers have discovered a window of alternative for full information restoration instantly after the ransomware eliminated protectors from BitLocker-encrypted disks. Their in-depth evaluation led to the event of a free decryptor, now obtainable to the general public. 

The decryptor provides a lifeline to victims of previous ShrinkLocker assaults, enabling them to regain entry to their encrypted information. By offering a sensible answer, which has, to this point, saved an estimated $1.6 billion in ransom charges. Bitdefender Labs has demonstrated its dedication to combating cyber threats and safeguarding digital belongings.

It’s noteworthy that ShrinkLocker makes use of a Home windows characteristic, BitLocker, to encrypt total drives, together with system drives. Due to this fact, proactive monitoring of Home windows occasion logs may also help organizations establish and reply to BitLocker assaults, particularly in the course of the early levels when attackers are testing their encryption capabilities. Monitoring occasions from the “Microsoft-Windows-BitLocker-API/Management” supply also can assist.

  1. Free Decryptor for LockerGoga Ransomware Victims
  2. Common decryptor key for REvil ransomware launched
  3. How you can decrypt information from Hakbit, Jigsaw ransomware without spending a dime
  4. Man Hacks Attacker, Releases Mushtik Ransomware Decryption Keys
  5. Kransom Ransomware Poses as a Sport, Assaults by way of DLL Facet-Loading

Recent articles