Cybersecurity researchers at Kaspersky have discovered a new ransomware strain they are calling ShrinkLocker, which hijacks Windows BitLocker to encrypt and steal files from users.
ShrinkLocker got its name from how it operates. According to a report from BleepingComputer, once it attacks a system, it shrinks the available non-boot partitions by 100 MB and creates new primary boot volumes of the same size.
Then, the ransomware uses BitLocker to encrypt the files on the endpoint. For those who are not familiar, BitLocker is a built-in feature in some Windows versions that aims to secure the user’s files through full disk encryption.
According to the report, the culprits behind it are targeting manufacturing firms, pharmaceutical companies, and even government agencies.
What’s surprising is that this isn’t the first time BitLocker has been used to attack PCs. The report pointed out an incident at a Belgian hospital, where hackers used the legitimate Windows feature to encrypt 100 TB of data on 40 servers.
Making things worse, Kaspersky also warned that ShrinkLocker comes “with previously unreported features to maximize the damage of the attack.”
Source: Bleeping Computer