* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Thursday, September 4, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    ITV Studios Launches New Entertainment Label – Global Bulletin – IMDb

    ITV Studios Unveils Exciting New Entertainment Label

    TS Entertainment bringing Malibu Jack’s to former Owensboro mall – Lane Report

    TS Entertainment Launches Malibu Jack’s at Former Owensboro Mall Location

    Jenny Han Dropped a Major ‘The Summer I Turned Pretty’ Easter Egg Revealing [SPOILER] – yahoo.com

    Jenny Han Just Unveiled a Huge ‘The Summer I Turned Pretty’ Easter Egg That Changes Everything [SPOILER]

    Liam Payne’s Cousin Ross Harris Honors Late Singer With Emotional Song ‘Bones’ – yahoo.com

    Liam Payne’s Cousin Ross Harris Honors Late Singer with Emotional New Song ‘Bones

    Country music star apologizes after drunken show ends with cops taking him down: ‘I’m not OK’ – PennLive.com

    Country Music Star Apologizes After Drunken Show Ends in Police Intervention: ‘I’m Not OK

    Comanche Nation Entertainment closes casino near Devol – KSWO 7News

    Comanche Nation Entertainment Closes Casino Near Devol in Surprising Move

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Credo Technology Group Holding Ltd. (CRDO) Surpasses Q1 Earnings and Revenue Estimates – Yahoo Finance

    Credo Technology Group Surpasses Q1 Earnings and Revenue Expectations

    The Economist is hiring a science and technology correspondent – The Economist

    Exciting Opportunity: Become Our Next Science and Technology Correspondent!

    Blockchain lender Figure Technology seeks to raise up to $526M in IPO (FIGR:Pending) – Seeking Alpha

    Blockchain Lender Figure Technology Sets Sights on $526M in Thrilling IPO Launch

    New Technology from Ramsey Theory Group Brings Diagnostic Testing and Telehealth Directly into Patients’ Homes – Yahoo Finance

    Revolutionary Ramsey Theory Technology Delivers Diagnostic Testing and Telehealth Right to Your Doorstep

    China’s CATL sells stake in Finnish subcontract car manufacturer – Reuters

    China’s CATL Sells Stake in Finnish Auto Supplier in Strategic Move

    This Secret Technology Will Make The IPhone 17 Super Thin Air – VOI.ID

    How This Breakthrough Technology Will Make the iPhone 17 Incredibly Thin and Lightweight

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    ITV Studios Launches New Entertainment Label – Global Bulletin – IMDb

    ITV Studios Unveils Exciting New Entertainment Label

    TS Entertainment bringing Malibu Jack’s to former Owensboro mall – Lane Report

    TS Entertainment Launches Malibu Jack’s at Former Owensboro Mall Location

    Jenny Han Dropped a Major ‘The Summer I Turned Pretty’ Easter Egg Revealing [SPOILER] – yahoo.com

    Jenny Han Just Unveiled a Huge ‘The Summer I Turned Pretty’ Easter Egg That Changes Everything [SPOILER]

    Liam Payne’s Cousin Ross Harris Honors Late Singer With Emotional Song ‘Bones’ – yahoo.com

    Liam Payne’s Cousin Ross Harris Honors Late Singer with Emotional New Song ‘Bones

    Country music star apologizes after drunken show ends with cops taking him down: ‘I’m not OK’ – PennLive.com

    Country Music Star Apologizes After Drunken Show Ends in Police Intervention: ‘I’m Not OK

    Comanche Nation Entertainment closes casino near Devol – KSWO 7News

    Comanche Nation Entertainment Closes Casino Near Devol in Surprising Move

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Credo Technology Group Holding Ltd. (CRDO) Surpasses Q1 Earnings and Revenue Estimates – Yahoo Finance

    Credo Technology Group Surpasses Q1 Earnings and Revenue Expectations

    The Economist is hiring a science and technology correspondent – The Economist

    Exciting Opportunity: Become Our Next Science and Technology Correspondent!

    Blockchain lender Figure Technology seeks to raise up to $526M in IPO (FIGR:Pending) – Seeking Alpha

    Blockchain Lender Figure Technology Sets Sights on $526M in Thrilling IPO Launch

    New Technology from Ramsey Theory Group Brings Diagnostic Testing and Telehealth Directly into Patients’ Homes – Yahoo Finance

    Revolutionary Ramsey Theory Technology Delivers Diagnostic Testing and Telehealth Right to Your Doorstep

    China’s CATL sells stake in Finnish subcontract car manufacturer – Reuters

    China’s CATL Sells Stake in Finnish Auto Supplier in Strategic Move

    This Secret Technology Will Make The IPhone 17 Super Thin Air – VOI.ID

    How This Breakthrough Technology Will Make the iPhone 17 Incredibly Thin and Lightweight

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

Newly discovered ransomware uses BitLocker to encrypt victim data

May 25, 2024
in Technology
Newly discovered ransomware uses BitLocker to encrypt victim data
Share on FacebookShare on Twitter

GOING NATIVE —

ShrinkLocker is the latest ransomware to use Windows’ full-disk encryption.

Dan Goodin
– May 24, 2024 10:06 pm UTC

A previously unknown piece of ransomware, dubbed ShrinkLocker, encrypts victim data using the BitLocker feature built into the Windows operating system.

BitLocker is a full-volume encryptor that debuted in 2007 with the release of Windows Vista. Users employ it to encrypt entire hard drives to prevent people from reading or modifying data in the event they get physical access to the disk. Starting with the rollout of Windows 10, BitLocker by default has used the 128-bit and 256-bit XTS-AES encryption algorithm, giving the feature extra protection from attacks that rely on manipulating cipher text to cause predictable changes in plain text.

Recently, researchers from security firm Kaspersky found a threat actor using BitLocker to encrypt data on systems located in Mexico, Indonesia, and Jordan. The researchers named the new ransomware ShrinkLocker, both for its use of BitLocker and because it shrinks the size of each non-boot partition by 100 MB and splits the newly unallocated space into new primary partitions of the same size.

“Our incident response and malware analysis are evidence that attackers are constantly refining their tactics to evade detection,” the researchers wrote Friday. “In this incident, we observed the abuse of the native BitLocker feature for unauthorized data encryption.”

ShrinkLocker isn’t the first malware to leverage BitLocker. In 2022, Microsoft reported that ransomware attackers with a nexus to Iran also used the tool to encrypt files. That same year, the Russian agricultural business Miratorg was attacked by ransomware that used BitLocker to encrypt files residing in the system storage of infected devices.

Once installed on a device, ShrinkLocker runs a VisualBasic script that first invokes the Windows Management Instrumentation and Win32_OperatingSystem class to obtain information about the operating system.

“For each object within the query results, the script checks if the current domain is different from the target,” the Kaspersky researchers wrote. “If it is, the script finishes automatically. After that, it checks if the name of the operating system contains ‘xp,’ ‘2000,’ ‘2003,’ or ‘vista,’ and if the Windows version matches any one of these, the script finishes automatically and deletes itself.”

A screenshot showing initial conditions for execution.

Enlarge / A screenshot showing initial conditions for execution.

Kaspersky

The script then continues to use the WMI for querying information about the OS. It goes on to perform the disk resizing operations, which can vary depending on the OS version detected. The ransomware performs these operations only on local, fixed drives. The decision to leave network drives alone is likely motivated by the desire not to trigger network detection protections.

Eventually, ShrinkLocker disables protections designed to secure the BitLocker encryption key and goes on to delete them. It then enables the use of a numerical password, both as a protector against anyone else taking back control of BitLocker and as an encryptor for system data. The reason for deleting the default protectors is to disable key recovery features by the device owner. ShrinkLocker then goes on to generate a 64-character encryption key using random multiplication and replacement of:

A variable with the numbers 0–9;
The famous pangram, “The quick brown fox jumps over the lazy dog,” in lowercase and uppercase, which contains every letter of the English alphabet;
Special characters.

After several additional steps, data is encrypted. The next time the device reboots, the display looks like this:

Screenshot showing the BitLocker recovery screen.

Enlarge / Screenshot showing the BitLocker recovery screen.

Kaspersky

Decrypting drives without the attacker-supplied key is difficult and likely impossible in many cases. While it is possible to recover some of the passphrases and fixed values used to generate the keys, the script uses variable values that are different on each infected device. These variable values aren’t easy to recover.

There are no protections specific to ShrinkLocker for preventing successful attacks. Kaspersky advises the following:

Use robust, properly configured endpoint protection to detect threats that try to abuse BitLocker;
Implement Managed Detection and Response (MDR) to proactively scan for threats;
If BitLocker is enabled, make sure it uses a strong password and that the recovery keys are stored in a secure location;
Ensure that users have only minimal privileges. This prevents them from enabling encryption features or changing registry keys on their own;
Enable network traffic logging and monitoring. Configure the logging of both GET and POST requests. In case of infection, the requests made to the attacker’s domain may contain passwords or keys;
Monitor for events associated with VBS execution and PowerShell, then save the logged scripts and commands to an external repository storing activity that may be deleted locally;
Make backups frequently, store them offline, and test them.

Friday’s report also includes indicators that organizations can use to determine if they have been targeted by ShrinkLocker.

Listing image by Getty Images

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : Ars Technica – https://arstechnica.com/?p=2027056

Tags: discoveredNewlytechnology
Previous Post

Another US state repeals law that protected ISPs from municipal competition

Next Post

Thailand-based aCommerce cut net loss by half, grew revenue 18% in 2023

Potential caterpillar mimicry in a tropical hummingbird – Falk – 2025 – Ecology – ESA Journals

Tropical Hummingbird’s Surprising Caterpillar Mimicry Revealed

September 4, 2025
Degrees of Science: Healthy Aging – KWTX

Unlocking the Secrets to Healthy Aging: A Science-Based Guide

September 4, 2025
Podcast: Blame, bad drivers, and ‘safety science’ – BikePortland

Podcast: Blame, bad drivers, and ‘safety science’ – BikePortland

September 4, 2025
If you want your 60s to be some of the best years of your life, say goodbye to these 5 behaviors – VegOut

If you want your 60s to be some of the best years of your life, say goodbye to these 5 behaviors – VegOut

September 4, 2025
Credo Technology Group Holding Ltd. (CRDO) Surpasses Q1 Earnings and Revenue Estimates – Yahoo Finance

Credo Technology Group Surpasses Q1 Earnings and Revenue Expectations

September 4, 2025

NFL Week 1 Power Rankings: Eagles Take Early Lead, But Bills Poised to Claim Ultimate Crown

September 4, 2025
Xi Parades Military Strength as Trump Accuses Him of Conspiring With Putin and Kim – The New York Times

Xi Unveils Military Strength as Trump Levels Accusations of Alliances with Putin and Kim

September 4, 2025
Trump tariffs and the Fed: Fate of U.S. economy may lie with the Supreme Court – Axios

How the Supreme Court Could Decide the Future of the U.S. Economy Amid Trump Tariffs and Fed Moves

September 4, 2025
ITV Studios Launches New Entertainment Label – Global Bulletin – IMDb

ITV Studios Unveils Exciting New Entertainment Label

September 4, 2025
RFK Jr. is spreading a reckless myth about SSRIs and mass shootings – MSNBC News

RFK Jr. Fuels Dangerous Myth Linking SSRIs to Mass Shootings

September 4, 2025

Categories

Archives

September 2025
MTWTFSS
1234567
891011121314
15161718192021
22232425262728
2930 
« Aug    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (806)
  • Economy (824)
  • Entertainment (21,704)
  • General (16,848)
  • Health (9,865)
  • Lifestyle (839)
  • News (22,149)
  • People (826)
  • Politics (831)
  • Science (16,035)
  • Sports (21,323)
  • Technology (15,805)
  • World (805)

Recent News

Potential caterpillar mimicry in a tropical hummingbird – Falk – 2025 – Ecology – ESA Journals

Tropical Hummingbird’s Surprising Caterpillar Mimicry Revealed

September 4, 2025
Degrees of Science: Healthy Aging – KWTX

Unlocking the Secrets to Healthy Aging: A Science-Based Guide

September 4, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version