ShrinkLocker Strikes: New Ransomware Wreaks Havoc on Government and Industry Systems

Researchers have uncovered a new ransomware strain called ShrinkLocker, which abuses Windows BitLocker to encrypt files and shrink partition sizes. This ransomware targets government agencies and firms in manufacturing and pharmaceuticals, adding a twist by not leaving ransom notes and deleting recovery options.

Hot Take:

BitLocker, more like BitBlocker! ShrinkLocker is that uninvited guest at the party who not only eats all your snacks but also locks your fridge and hides the key. The ransomware world just got a bit more mischievous and a lot more annoying.

Key Points:

  • ShrinkLocker ransomware exploits Windows BitLocker to encrypt files.
  • Targets include government agencies and firms in manufacturing and pharmaceuticals.
  • New primary boot volumes are created and labeled with email addresses.
  • Deletes BitLocker protectors, making recovery nearly impossible without the decryption key.
  • Compromised systems have been reported in Mexico, Indonesia, and Jordan.

Need to know more?

Ransomware: The Party Crasher

Cybersecurity researchers have discovered ShrinkLocker, a new ransomware strain that makes BitLocker its weapon of choice. BitLocker, usually the knight in shining armor for Windows users, is being turned against them like a treacherous squire. ShrinkLocker shrinks available non-boot partitions by 100MB and creates new boot volumes that BitLocker encrypts, effectively locking users out. It’s like coming home to find your door replaced with a puzzle that only the thieves have the solution to.

Government Agencies and Big Pharma Get BitLocked

ShrinkLocker seems to have a taste for big fish, targeting government agencies and firms in manufacturing and pharmaceuticals. With a penchant for creating chaos, it’s already been spotted causing havoc in Mexico, Indonesia, and Jordan. Imagine a burglar who not only robs your house but also leaves you a puzzle to solve before you can even enter your home again. That’s ShrinkLocker for you.

High Stakes Encryption

BitLocker is designed to protect data by providing encryption for entire volumes, but ShrinkLocker flips the script. By using BitLocker’s full disk encryption feature, it ensures that victims are locked out with no easy way back in. The ransomware even goes the extra mile by deleting all BitLocker protectors, rendering any hope of recovering the BitLocker encryption key futile. It’s like locking all the doors, throwing away the keys, and then burning the map.

No Ransom Note, No Problem

ShrinkLocker ditches the traditional ransom note for a more modern approach. Instead, it labels the new boot partitions with email addresses, inviting victims to play a game of digital tag. It’s as if the kidnappers decided to communicate through a series of cryptic messages rather than the usual ransom demand letter. Very avant-garde, very annoying.
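For defenders, the traits described above (a partition shrunk by 100MB, a new volume labeled with an email address, BitLocker switched on with every protector deleted) can be checked by comparing two volume inventories of the same host. The sketch below is an added example, not code from the researchers or from the ransomware analysis; the record fields (id, label, size_bytes, bitlocker_on, key_protectors), the 90-110MB tolerance and the sample data are assumptions constructed for illustration.

```python
import re

MB = 1024 * 1024
GB = 1024 * MB
# Volume labels are short, so a loose address pattern is enough here.
EMAIL_LABEL = re.compile(r"^[\w.+-]+@[\w-]+(\.[\w-]+)+$")

def near_100mb(n):
    # Tolerance band is an assumption; partition tools round to alignment boundaries.
    return 90 * MB <= n <= 110 * MB

def triage(baseline, current):
    """Compare two volume snapshots of one host; return {volume_id: [indicators]}."""
    old = {v["id"]: v for v in baseline}
    findings = {}
    for vol in current:
        hits = []
        if EMAIL_LABEL.match((vol.get("label") or "").strip()):
            hits.append("label-is-email-address")
        # Encryption is on, yet no protector (TPM, password, recovery key) remains.
        if vol.get("bitlocker_on") and not vol.get("key_protectors"):
            hits.append("encrypted-without-protectors")
        prev = old.get(vol["id"])
        if prev is None and near_100mb(vol["size_bytes"]):
            hits.append("new-100mb-volume")
        elif prev is not None and near_100mb(prev["size_bytes"] - vol["size_bytes"]):
            hits.append("shrunk-by-100mb")
        if hits:
            findings[vol["id"]] = hits
    return findings

# Constructed sample inventories (hypothetical host, not real telemetry).
BASELINE = [
    {"id": "disk0-p1", "label": "System", "size_bytes": 200 * GB,
     "bitlocker_on": True, "key_protectors": ["Tpm", "RecoveryPassword"]},
    {"id": "disk0-p2", "label": "Data", "size_bytes": 500 * GB,
     "bitlocker_on": False, "key_protectors": []},
]
CURRENT = [
    BASELINE[0],
    {"id": "disk0-p2", "label": "Data", "size_bytes": 500 * GB - 100 * MB,
     "bitlocker_on": False, "key_protectors": []},
    {"id": "disk0-p3", "label": "contact@example.invalid", "size_bytes": 100 * MB,
     "bitlocker_on": True, "key_protectors": []},
]

if __name__ == "__main__":
    for vol_id, hits in triage(BASELINE, CURRENT).items():
        print(vol_id, ", ".join(hits))
```

Any single indicator can have a benign cause, such as an administrator resizing a disk; several on the same host at once is what deserves an immediate look.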

Cloudflare: The Unexpected Accomplice

The ransomware’s creators have another trick up their sleeves: they use TryCloudflare, a legitimate tool, to obtain the decryption key. This tool is typically used by developers to test Cloudflare’s tunnel without adding a site to Cloudflare’s DNS. It’s like using a Swiss Army knife to pick a lock – clever, but not what the tool was intended for. The victims are left stranded while the attackers walk away with the only lifeline.

Conclusion: The New Face of Ransomware

ShrinkLocker is the latest reminder that ransomware is evolving in cunning and complexity. By weaponizing BitLocker, it turns a trusted security feature into a tool of extortion. As it continues to target high-profile sectors, it’s clear that cybersecurity defenses need to adapt and evolve. In the meantime, keep your digital doors locked and your BitLocker keys close – you never know when the next party crasher might strike.


About the Author

Sead Fadilpašić, a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina, writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws, and regulations). With over a decade of experience, he’s contributed to numerous media outlets, including Al Jazeera Balkans, and has taught content writing modules for Represent Communications. When he’s not reporting on the latest in tech, he’s probably trying to keep his own devices safe from the likes of ShrinkLocker.
