ShrinkLocker Malware: Abusing BitLocker to Lock Your Data

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

ShrinkLocker is a new ransomware strain that abuses Windows BitLocker, a legitimate full-volume encryption feature, to encrypt targeted data. Unlike typical ransomware, which ships its own encryptor, it turns the operating system's own tooling against the victim: it creates a new boot partition and locks users out of the machine unless a ransom is paid. The malware first performs system checks, then modifies registry entries, disables RDP, enforces smart card authentication, and alters BitLocker settings. It shrinks existing disk partitions, formats new ones, and reconfigures the boot files. ShrinkLocker generates a random encryption key derived from system parameters and exfiltrates it to a C2 server, so the key never persists on the victim host. It also attempts to erase its traces by deleting logs, firewall rules, and scheduled tasks. Because decryption depends on a key the attacker holds and the boot configuration itself has been rewritten, this approach complicates both decryption efforts and system recovery.

OPENCTI LABELS:

ransomware, encryption, bitlocker, shrinklocker, disk partitioning
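The summary lists a cluster of host-level changes (BitLocker protectors switched on, RDP disabled, smart card logon enforced, a new small boot partition, rewritten boot entries, cleared logs) that a defender can audit for directly. The following read-only PowerShell audit is an added example written for this page; it is not code from the OpenCTI record or from the ShrinkLocker research it summarises. It uses only standard Windows cmdlets (Get-BitLockerVolume, Get-ItemProperty, Get-Partition, Get-WinEvent, bcdedit). The registry paths for the RDP and smart card settings, the 2 GB partition threshold and the "fewer than 100 records" log heuristic are this example's assumptions, not values taken from the report.

```powershell
# Added example, not from the OpenCTI record or the original research.
# Read-only audit of the configuration changes the ShrinkLocker summary describes.
# Registry paths, the 2GB threshold and the log-size heuristic are assumptions.
#Requires -RunAsAdministrator

$findings = New-Object System.Collections.Generic.List[string]

# 1. BitLocker state per volume: flag volumes that are protected without a TPM
#    protector (ShrinkLocker relies on a key the operator never set).
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    foreach ($vol in Get-BitLockerVolume) {
        $types = ($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType }) -join ','
        if ($vol.ProtectionStatus -eq 'On' -and $types -notmatch 'Tpm') {
            $findings.Add("BitLocker on $($vol.MountPoint): protection On, protectors [$types], status $($vol.VolumeStatus)")
        }
    }
} else {
    $findings.Add('BitLocker module not available; skipping volume check')
}

# 2. RDP disabled through the Terminal Server value (1 = connections denied).
$ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
                       -Name fDenyTSConnections -ErrorAction SilentlyContinue
if ($ts -and $ts.fDenyTSConnections -eq 1) {
    $findings.Add('RDP is disabled (fDenyTSConnections = 1)')
}

# 3. Smart card required for interactive logon (path/value assumed for this example).
$sc = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' `
                       -Name scforceoption -ErrorAction SilentlyContinue
if ($sc -and $sc.scforceoption -eq 1) {
    $findings.Add('Smart card logon is enforced (scforceoption = 1)')
}

# 4. Partition layout: a freshly carved boot partition appears as an extra small
#    partition on the system disk. 2GB is an assumed threshold.
$sysDisk = (Get-Partition -DriveLetter $env:SystemDrive.TrimEnd(':')).DiskNumber
$small = Get-Partition -DiskNumber $sysDisk |
    Where-Object { $_.Size -lt 2GB -and $_.Type -notin 'Reserved','Recovery','System' }
foreach ($p in $small) {
    $mb = [math]::Round($p.Size / 1MB)
    $findings.Add("Small partition $($p.PartitionNumber) on disk ${sysDisk}: $mb MB, type $($p.Type)")
}

# 5. More than one OS loader entry in the BCD store points at a rewritten boot path.
$bootEntries = (bcdedit /enum osloader 2>$null | Select-String '^identifier').Count
if ($bootEntries -gt 1) {
    $findings.Add("BCD store has $bootEntries OS loader entries")
}

# 6. Anti-forensic clean-up: an almost empty System log on a host that has been
#    running for a while is itself a signal (100 records is an assumed heuristic).
$sysLog = Get-WinEvent -ListLog System -ErrorAction SilentlyContinue
if ($sysLog -and $sysLog.RecordCount -lt 100) {
    $findings.Add("System event log unusually small ($($sysLog.RecordCount) records)")
}

if ($findings.Count -eq 0) {
    'No ShrinkLocker-style configuration changes found.'
} else {
    $findings | ForEach-Object { "[!] $_" }
}
```

Run it from an elevated PowerShell session on a host under investigation; each finding on its own is a legitimate administrative state, so treat several findings appearing together, especially alongside a recent partition resize, as the signal worth escalating. Because the script only reads configuration, it is safe to schedule it as a periodic baseline check and diff the output over time.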
