
ShrinkLocker Ransomware Leverages BitLocker for File Encryption

May 24, 2024 – Published on Security Boulevard

Security researchers have uncovered a ransomware campaign called ShrinkLocker, in which attackers misuse BitLocker, the encryption tool integrated into Windows, to encrypt their victims’ data and then demand a ransom.

ShrinkLocker uses an advanced VBScript to initiate encryption with BitLocker. After starting, the script queries information about the target system and performs various checks.

The ShrinkLocker ransomware differentiates itself by targeting specific Windows versions using a VBScript that activates BitLocker based on the system detected.

Nic Finn, security consultant at GuidePoint Security, called ShrinkLocker a furtherance of the same “living off the land” techniques actors have been abusing lately, in which they rely on built-in or organizational services and features for their own malicious purposes.

“Some experts have hypothesized about the use of BitLocker as a means of encrypting client data, since exfiltrating then deleting the key makes the data practically gone unless the threat actor provides the key back to the victim,” Finn said.
