| Category | Details |
|---|---|
| Threat Actors | ShrinkLocker ransomware operators, possibly inspired by previous abuses of BitLocker by groups like Storm-0270 (Nemesis Kitten). |
| Campaign Overview | Ransomware attacks observed in May 2024 targeting Mexico, Indonesia, and Jordan. |
| Target Regions | Victims identified in Mexico, Indonesia, and Jordan. |
| Methodology | Uses VBScript and BitLocker, a legitimate Microsoft Windows security tool, to encrypt victims' files and lock the victims out of their systems. |
| Product Targeted | Windows systems utilizing BitLocker for full-disk encryption. |
| Malware Reference | ShrinkLocker ransomware. |
| Tools Used | VBScript, Microsoft Windows BitLocker, and an attacker-hosted server for storing encryption passwords. |
| Vulnerabilities Exploited | No direct vulnerabilities exploited; abuse of legitimate BitLocker feature for malicious purposes. |
| TTPs | Abuse of legitimate tools (BitLocker); VBScript scripting; no ransom note provided, with the attacker communicating via renamed system drives containing contact information. |
| Attribution | No direct attribution yet, but resembles tactics used by groups like Storm-0270 (Nemesis Kitten). |
| Recommendations | Use Bitdefender’s free decryption tool for ShrinkLocker victims; maintain offline backups and ensure BitLocker is configured with safeguards against unauthorized configuration changes. |
| Source | Tripwire |
Read full article: https://www.tripwire.com/state-of-security/shrinklocker-ransomware-what-you-need-know
Disclaimer: The above summary has been generated by an AI language model
