Bitdefender has issued a free decryption tool for the novel ShrinkLocker ransomware strain that emerged in May, according to The Record, a news site by cybersecurity firm Recorded Future.
Attacks with ShrinkLocker, which leverages Microsoft BitLocker for accelerated drive encryption and a random password for re-encryption in Windows 7 and 8 or Windows Server 2008 and 2012 systems, have been deployed against organizations in Mexico, Jordan, and Indonesia. The payload is gaining traction among less sophisticated threat operations due to its simplicity, noted Bitdefender, which previously released decryptors for the MegaCortex, LockerGoga, and MortalKombat ransomware strains.
"Our analysis shows that ShrinkLocker malware is being adapted by multiple individual threat actors for simpler attacks, rather than being distributed through a ransomware-as-a-service (RaaS) model," said Bitdefender researchers.
ShrinkLocker's use of BitLocker comes amid the mounting exploitation of the Windows security feature in the past few years. The feature has also been utilized in intrusions launched by an Iranian state-backed threat operation.