Bitdefender Releases ShrinkLocker Ransomware Decryptor That Recovers BitLocker Files


A decryption tool for ShrinkLocker has been recently unveiled by Bitdefender. While it’s an unusual ransomware strain which was discovered in May 2024.

This ransomware employs a surprisingly simple yet effective approach, leveraging VBScript and Windows’ built-in BitLocker feature for encryption.

SIEM as a Service

ShrinkLocker operates by modifying BitLocker configurations to encrypt a system’s drives. It first checks if BitLocker is enabled and, if not, installs it.

The ransomware then re-encrypts the system using a randomly generated password uploaded to the attacker’s server. Victims are prompted to enter this password to unlock their encrypted drives, with the attacker’s contact email displayed on the BitLocker screen.

Security analysts at Bitdefender noted that ShrinkLocker’s ability to rapidly encrypt multiple systems within a network is one of the feature that makes it more sophisticated.

This enables the compromise of an entire domain in as little as 10 minutes per device. This efficiency makes it particularly attractive to individual threat actors who may not be part of larger ransomware-as-a-service (RaaS) ecosystems.

Free Ultimate Continuous Security Monitoring Guide - Download Here (PDF)

Attack Chain

Interestingly, Bitdefender’s investigation revealed that the code behind ShrinkLocker might be over a decade old, possibly originally written for benign purposes.

This “digital time capsule” has been repurposed for malicious intent, highlighting the evolving nature of cyber threats. In response to this threat, Bitdefender has developed and released a decryption tool.

Bitdefender Releases ShrinkLocker Ransomware Decryptor That Recovers BitLocker Files
Attack Chain (Source – Bitdefender)

The tool exploits a specific window of opportunity for data recovery immediately after the removal of protectors from BitLocker-encrypted disks. This decryptor is now publicly available, adding to Bitdefender’s collection of 32 previously released decryption tools.

To use the decryptor, victims need to download it from Bitdefender’s website, enter BitLocker Recovery Mode, and run the tool from a command prompt. The process can take some time depending on the system’s hardware and encryption complexity.

While decryption tools are crucial for recovery, Bitdefender emphasizes that they are inherently reactive and don’t prevent future attacks. The company strongly recommends reviewing their additional guidance, including specific tips on configuring BitLocker to minimize the risk of successful attacks.

This development underscores the ongoing cat-and-mouse game between cybercriminals and security experts. As ransomware tactics evolve, the cybersecurity community continues to innovate, providing tools and strategies to combat these threats and protect users’ data.

Analyze Unlimited Phishing & Malware with ANY.RUN For Free - 14 Days Free Trial.



Source link