New ransomware targets Windows computers


Kaspersky experts have discovered a new ransomware called ShrinkLocker, targeting Windows computers. This malware hijacks BitLocker, the encryption module integrated by Microsoft, to go unnoticed.

BitLocker, introduced in 2007 with Windows Vista, allows users to protect their data by fully encrypting the hard drive. However, ShrinkLocker uses this feature for malicious purposes. According to Kaspersky, “using the operating system’s own features” is “one of the best ways to evade detection.”

ShrinkLocker checks the Windows version before taking action. If the system is older than Vista, it does not encrypt data and self-destructs. For newer versions, it shrinks bare-OS parts of the hard drive, reinstalls boot files, and uses BitLocker to encrypt data. All default protections are disabled and replaced with those of the ransomware. A 64-character encryption key is generated, and the system is forced to shut down, making file recovery almost impossible. Attackers leave an email address in the new boot partitions so victims can negotiate the decryption key.
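For defenders, the sequence described above can be hunted in process-creation logs. The following is an added example, not part of the original article or of Kaspersky's research. It assumes the steps surface as launches of the stock Windows tools diskpart, bcdboot, manage-bde and shutdown (the article does not name them); the log format, host names and sample records are constructed.

```python
import re
from datetime import datetime, timedelta

# Assumed mapping from the article's behaviours to stock Windows tools.
STAGES = {
    "shrink_partition": re.compile(r"\bdiskpart\b", re.I),
    "reinstall_boot": re.compile(r"\bbcdboot\b", re.I),
    "protector_change": re.compile(r"\bmanage-bde\b.*-protectors\s+-(delete|add)\b", re.I),
    "bitlocker_on": re.compile(r"\bmanage-bde\b.*\s-on\b", re.I),
    "forced_shutdown": re.compile(r"\bshutdown\b.*\s[-/]f\b", re.I),
}
LINE = re.compile(r'^(\S+) (\S+) cmdline="(.*)"$')  # constructed log format

def find_suspect_hosts(lines, window=timedelta(minutes=30)):
    """Return {host: [stages]} for hosts where a forced shutdown is preceded,
    within `window`, by a BitLocker change and a partition or boot change."""
    events = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines outside the constructed format
        ts, host, cmd = datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)
        for stage, pattern in STAGES.items():
            if pattern.search(cmd):
                events.setdefault(host, []).append((ts, stage))
    alerts = {}
    for host, hits in events.items():
        shutdowns = [t for t, s in hits if s == "forced_shutdown"]
        if not shutdowns:
            continue
        end = max(shutdowns)
        seen = {s for t, s in hits if end - window <= t <= end}
        if seen & {"protector_change", "bitlocker_on"} and \
           seen & {"shrink_partition", "reinstall_boot"}:
            alerts[host] = sorted(seen)
    return alerts

# Constructed process-creation records: timestamp, host, command line.
SAMPLE = [
    '2024-05-24T10:00:05 WS-014 cmdline="diskpart /s C:\\Temp\\d.txt"',
    '2024-05-24T10:00:40 WS-014 cmdline="bcdboot C:\\Windows /s S:"',
    '2024-05-24T10:01:10 WS-014 cmdline="manage-bde -protectors -delete C:"',
    '2024-05-24T10:01:30 WS-014 cmdline="manage-bde -on C:"',
    '2024-05-24T10:02:00 WS-014 cmdline="shutdown /r /t 0 /f"',
    '2024-05-24T11:00:00 WS-022 cmdline="manage-bde -on D:"',
    '2024-05-24T18:00:00 WS-022 cmdline="shutdown /s /t 60"',
    '2024-05-24T12:00:00 WS-030 cmdline="shutdown /r /f"',
]
```

Calling `find_suspect_hosts(SAMPLE)` flags only WS-014; an administrator enabling BitLocker followed by an ordinary shutdown (WS-022) and a lone forced reboot (WS-030) are not flagged.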

An evolving threat

ShrinkLocker shows that cybercriminals are constantly refining their tactics. It also demonstrates that Windows features, such as BitLocker, can be misused for malicious purposes, requiring increased user vigilance and enhanced security measures.

Source: 01Net

This article was reprinted on the Univers FreeBox website
