ShrinkLocker Malware: Abusing BitLocker to Lock Your Data

    Date: 09/12/2024

    Severity: Critical

    Summary

    ShrinkLocker is a new ransomware strain that misuses BitLocker, a genuine Windows feature, to encrypt targeted data. Unlike standard ransomware, it employs BitLocker to lock users out by creating a secure boot partition. This makes decryption more challenging and showcases the evolving tactics ransomware developers use to control systems.

    Indicators of Compromise (IOC) List

    Hash

    32f31b35179bbff9ca9dd21b43bfc3e585baafedde523bd3e4869400ab0362cb
    
    d4f2c5b21e96cfef0fc4e5acb6bde30113d1c8c7522f35d99102de886ed337b3

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1

    sha256hash IN ("32f31b35179bbff9ca9dd21b43bfc3e585baafedde523bd3e4869400ab0362cb","d4f2c5b21e96cfef0fc4e5acb6bde30113d1c8c7522f35d99102de886ed337b3")

    Reference:

    https://www.splunk.com/en_us/blog/security/shrinklocker-malware-abusing-bitlocker-to-lock-your-data.html 


    Tags

    Malware, Ransomware
