New ShrinkLocker ransomware puts millions of Windows PCs at risk, but you can stay protected

It encrypts files and removes the recovery options

Reading time icon 3 min. read


Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

shrinklocker ransomware windows

If you are a Windows user, it’s time to take measures to protect your PC and personal data. Recently, researchers at Kaspersky identified a new ransomware, dubbed ShrinkLocker, that can encrypt the data and remove recovery options on Windows PCs.

The ShrinkLocker ransomware, once loaded on the PC, checks the installed edition of Windows and enables BitLocker, if it is available. Then, it encrypts the whole drive and creates a new partition for the boot files of the operating system.

Now, threat actors delete any Bitlocker keys and remove available recovery options, thus eliminating the possibility for users to revert the PC to a stable state or recover the data. The keys are then sent to a server controlled by the attackers, and all traces of the attack are wiped out!

Finally, the ShrinkLocker ransomware initiates a full system shutdown. Upon restarting the computer, users see the message, There are no more BitLocker recovery options on your PC. You’ll need to use recovery tools. If you don’t have any installation media (like a disc or USB device), contact your PC administrator or PC/Device manufacturer.

BitLocker recovery screen on a system infected by ShrinkLocker (Image source: Kaspersky)

All of it is done using a VBscript and the built-in encryption tool, BitLocker. While the former lets threat actors automate the entire process, the latter allows effective encryption without relying on third-party tools.

Speaking about the ransomware and detailing the tips to stay protected, Cristian Souza, Incident Response Specialist at Kaspersky, said,

What is particularly concerning about this case is that BitLocker, originally designed to mitigate the risks of data theft or exposure, has been repurposed by adversaries for malicious ends. It’s a cruel irony that a security measure has been weaponized in this way. For companies using BitLocker, it’s crucial to ensure strong passwords and secure storage of recovery keys. Regular backups, kept offline and tested, are also essential safeguards.

So far, instances of the attack have been reported in Mexico, Indonesia, and Jordan, with steel and vaccine manufacturers as the prime target. Although a government entity was also attacked, according to Kaspersky.

The ShrinkLocker ransomware is the first of its kind, and it leverages a built-in Windows feature, BitLocker meant to enhance data protection and keep your PC safe from data theft.

Tips to stay protected against the ShrinkLocker ransomware

  • Use an effective antivirus solution: An effective antivirus solution is a must, considering it will warn you of such attacks before the final shutdown is triggered.
  • Minimize user privileges: For organizations, administrators can reduce the privileges granted to end users in order to prevent the attack. This includes limiting changes to the Registry, including manually or by unreliable third-party apps and scripts.
  • Monitor network traffic and script execution: You must regularly monitor the network traffic for any data sharing between the PC and the threat actor’s servers. Also, identify instances of VBScript execution.
  • Create regular cloud backups: While local backups have their share of benefits, a cloud backup will help you recover the data even when you are locked out of the PC.

This isn’t the first time concerns have been raised about BitLocker. A few months ago, we reported how BitLocker encryption can be bypassed in less than a minute,

So, it’s time to take things into your own hands and deploy additional measures to protect your PC. Cyberattacks are on the rise, and you must act accordingly!

If you have any more tips to stay protected from the ShrinkLocker ransomware, share them with our readers in the comments section.

More about the topics: Ransomware, Windows

User forum

0 messages