Traitor Protector: Why Has BitLocker Become an Ally of Hackers?

Bitdefender defeated the dangerous ransomware ShrinkLocker.

Bitdefender has unveiled a decryptor for the ShrinkLocker ransomware, which previously caused concern among incident responders due to the growing number of attacks.

Along with the decryptor, the company published a study explaining how the virus works. ShrinkLocker uses a built-in Windows feature called BitLocker to encrypt files and disable any system recovery capabilities. Unlike other ransomware that uses complex algorithms, ShrinkLocker uses a legitimate data encryption tool, allowing it to quickly encrypt entire drives, including system drives.

Work on the decryptor began after an investigation into an attack on a medical organization in the Middle East. The hackers compromised an unmanaged device and then infiltrated the company's network, where they deployed ShrinkLocker.

The threat was first spotted in the spring, when several companies warned about the use of ShrinkLocker by hackers. Kaspersky Lab detected cases of ShrinkLocker being used in May in Mexico, Indonesia and Jordan. Among the victims were steel industry enterprises, pharmaceutical companies and government agencies.

ShrinkLocker checks whether BitLocker is installed on the device. If it is not, the malware downloads and configures it itself. The program then encrypts the disk with a random password, which is sent to the attackers' server. When the computer restarts, the user must enter this password to unlock the drive. The attackers' email address is also displayed on the screen so the victim can contact them and pay the ransom.

According to Bitdefender, ShrinkLocker can encrypt multiple systems at once, at 10 minutes per device. The tool's ease of use makes it attractive to novice hackers who do not want to get involved with more sophisticated ransomware-as-a-service (RaaS) schemes. The researchers also noted that the low entry threshold lets many attackers easily adapt the virus to their own goals.

The malware is used mostly in less sophisticated attacks and targets legacy operating systems such as Windows 7 and 8, as well as the server editions Windows Server 2008 and 2012. Bitdefender suggested configuring BitLocker so that all recovery keys are stored in Active Directory. This can prevent such attacks, because without the keys being escrowed the hackers will not be able to complete the encryption.
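The mitigation above, as an added example that is not part of the article or Bitdefender's research: a PowerShell script that audits BitLocker volumes for protector types that leave no recoverable key, then applies the local policy equivalent of "Do not enable BitLocker until recovery information is stored in AD DS" and escrows existing recovery passwords. It assumes a domain-joined Windows host with the BitLocker PowerShell module, run as administrator; the registry value names are the standard BitLocker policy values under HKLM\SOFTWARE\Policies\Microsoft\FVE.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the article. Assumes a domain-joined host with the
# BitLocker module; in a real domain these values belong in a GPO, the script
# writes the same registry values locally for demonstration.
$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

function Get-BitLockerEscrowAudit {
    # One object per volume: which protectors exist and whether a RecoveryPassword
    # protector (the only kind AD DS escrow can store) is present.
    foreach ($v in Get-BitLockerVolume) {
        $types = @($v.KeyProtector | ForEach-Object { $_.KeyProtectorType })
        [pscustomobject]@{
            MountPoint       = $v.MountPoint
            ProtectionStatus = $v.ProtectionStatus
            Protectors       = ($types -join ',')
            HasRecoveryPwd   = ($types -contains 'RecoveryPassword')
            # A plain Password protector with no recovery password is the state the
            # article describes: the drive unlocks only with a secret nobody in the
            # organization holds. Treat it as a finding, not a healthy configuration.
            PasswordOnly     = (($types -contains 'Password') -and -not ($types -contains 'RecoveryPassword'))
        }
    }
}

function Set-BitLockerAdEscrowPolicy {
    # Equivalent to enabling "Save BitLocker recovery information to AD DS" and
    # "Do not enable BitLocker until recovery information is stored in AD DS"
    # for operating-system (OS*) and fixed-data (FDV*) drives. With the Require
    # value set, BitLocker refuses to turn on unless the escrow write succeeds.
    New-Item -Path $PolicyPath -Force | Out-Null
    foreach ($prefix in 'OS', 'FDV') {
        Set-ItemProperty -Path $PolicyPath -Name "${prefix}Recovery" -Value 1 -Type DWord
        Set-ItemProperty -Path $PolicyPath -Name "${prefix}ActiveDirectoryBackup" -Value 1 -Type DWord
        Set-ItemProperty -Path $PolicyPath -Name "${prefix}RequireActiveDirectoryBackup" -Value 1 -Type DWord
    }
}

function Backup-ExistingRecoveryPasswords {
    # Volumes encrypted before the policy existed are not escrowed retroactively;
    # push each existing recovery password to AD DS explicitly.
    foreach ($v in Get-BitLockerVolume) {
        foreach ($kp in ($v.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
            Backup-BitLockerKeyProtector -MountPoint $v.MountPoint -KeyProtectorId $kp.KeyProtectorId
        }
    }
}

Get-BitLockerEscrowAudit | Format-Table -AutoSize
Set-BitLockerAdEscrowPolicy
Backup-ExistingRecoveryPasswords
```

Any volume reported with PasswordOnly set to True deserves an incident-response look, since a legitimately deployed drive should carry a TPM or recovery-password protector that the organization can recover.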
