Bitdefender has released a decryption tool for ShrinkLocker, a ransomware strain that has been causing concern among experts because of its growing number of attacks. The company also published a study detailing how the malware operates. ShrinkLocker uses the Windows BitLocker feature to encrypt files and disables the system's recovery options. Unlike other ransomware families that implement their own encryption routines, ShrinkLocker relies on a legitimate, built-in encryption feature, which lets it encrypt entire disks, including system drives, very quickly.
The development of the decryption tool was initiated after an investigation into an attack on a medical organization in the Middle East. In this incident, hackers compromised an unsecured device and proceeded to infiltrate the company’s network, where they deployed ShrinkLocker. The first instances of this threat were documented in the spring, with multiple companies issuing warnings about the use of ShrinkLocker by hackers. Kaspersky Lab identified cases of ShrinkLocker usage in countries like Mexico, Indonesia, and Jordan, targeting industries such as steel, pharmaceuticals, and government agencies.
ShrinkLocker checks whether BitLocker is present on a device and, if it is absent, installs and configures it itself. The program then encrypts the disk using a randomly generated password that is sent to the attackers' server. On reboot, the user is prompted to enter this password to unlock the disk, and the attackers' email address for communication and ransom payment is displayed on the screen.
According to Bitdefender, ShrinkLocker can encrypt multiple systems in just 10 minutes per device. The simplicity of the tool makes it attractive to novice attackers who prefer straightforward methods over more complex schemes such as Ransomware-as-a-Service (RaaS). Researchers have highlighted the low entry barrier, which allows many attackers to easily customize the malware for their specific objectives.
ShrinkLocker is primarily used in less sophisticated attacks and targets outdated operating systems such as Windows 7 and 8, as well as Windows Server 2008 and 2012. As a preventive measure, Bitdefender experts recommend configuring BitLocker to store all recovery keys in Active Directory, since attackers would then be unable to complete the encryption process without access to these keys.
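The recommendation above maps to BitLocker's Group Policy settings for recovery-key escrow. The following PowerShell audit script is an added example, not part of the Bitdefender study or tool; it assumes a domain-joined Windows host with the BitLocker module available and reads the documented policy values under the FVE policy key to report whether escrow to Active Directory is both enabled and required before encryption may proceed.

```powershell
# Added example (not from the article): audit whether this host's BitLocker policy
# requires recovery information to be backed up to Active Directory before a drive
# can be encrypted, and flag protected volumes that have nothing to escrow.
# Assumes a domain-joined Windows host with the BitLocker PowerShell module.

$fvePolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

function Get-FvePolicyValue {
    param([string]$Name)
    try   { (Get-ItemProperty -Path $fvePolicyKey -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # value absent means the policy is not configured
}

# Values written by "Choose how BitLocker-protected operating system / fixed data
# drives can be recovered" (OS = operating system drives, FDV = fixed data drives).
$checks = @(
    @{ Drive = 'OS';    Backup = 'OSActiveDirectoryBackup';  Require = 'OSRequireActiveDirectoryBackup'  },
    @{ Drive = 'Fixed'; Backup = 'FDVActiveDirectoryBackup'; Require = 'FDVRequireActiveDirectoryBackup' }
)

foreach ($c in $checks) {
    $backup  = Get-FvePolicyValue $c.Backup
    $require = Get-FvePolicyValue $c.Require
    # Both must be 1: back up recovery info to AD, and refuse to encrypt until the backup succeeds.
    $status  = if ($backup -eq 1 -and $require -eq 1) { 'OK' } else { 'WEAK' }
    '{0,-5} drives: AD backup={1}  require-before-encrypt={2}  -> {3}' -f `
        $c.Drive, $backup, $require, $status
}

# A protected volume with no RecoveryPassword protector has no recovery
# information that could be escrowed to AD; surface it for remediation.
Get-BitLockerVolume | ForEach-Object {
    $hasRecoveryPassword = $_.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
    if ($_.ProtectionStatus -eq 'On' -and -not $hasRecoveryPassword) {
        '{0} is protected but has no RecoveryPassword protector (nothing to escrow)' -f $_.MountPoint
    }
}
```

Run it in an elevated session; a WEAK line means the policy either does not back up recovery information to AD or allows encryption to proceed when that backup fails.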