Organizations in the steel and vaccine manufacturing sectors, as well as a government entity in Mexico, Jordan, and Indonesia, have been targeted in attacks using the novel ShrinkLocker ransomware strain, which abuses Microsoft BitLocker for file encryption, The Register reports.
Intrusions begin once the attackers obtain code execution, after which ShrinkLocker is delivered. The malware then uses a VBScript to determine the operating system version, resize disks, and ensure its own execution, according to a report from Kaspersky's Global Emergency Response team.
After modifying partition labels and delivering the decryption keys, ShrinkLocker deletes the local keys and removes system logs before taking down the breached systems, researchers added.
Organizations are advised to mitigate the threat by implementing managed detection and response solutions, restricting user privileges, and using robust credentials, as well as ensuring frequent data backups and tracking critical system activity.
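One way to act on the advice to track critical system activity, as an added example that is not taken from the Kaspersky report or The Register: a Python correlation rule that alerts when several of the behaviours described above (VBScript execution, disk resizing, BitLocker use, log removal) occur on one host within a short window. The log format, host names, window, threshold, and the mapping of each behaviour to a Windows utility (`cscript`/`wscript`, `diskpart`, `manage-bde`, `wevtutil`) are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed mapping of the behaviours named in the article to Windows utilities;
# the article itself does not name the commands ShrinkLocker runs.
STAGES = {
    "script": re.compile(r"\b(wscript|cscript)(\.exe)?\b.*\.vbs\b", re.I),
    "disk_resize": re.compile(r"\bdiskpart(\.exe)?\b", re.I),
    "bitlocker": re.compile(r"\bmanage-bde(\.exe)?\b", re.I),
    "log_removal": re.compile(r"\bwevtutil(\.exe)?\s+(cl|clear-log)\b", re.I),
}
WINDOW = timedelta(minutes=30)  # assumed correlation window
THRESHOLD = 3                   # assumed number of distinct stages needed to alert

# Constructed process-creation records: "ISO-time host command-line"
SAMPLE = """\
2024-05-20T10:00:05 HOST-A cscript.exe C:\\ProgramData\\setup.vbs
2024-05-20T10:01:10 HOST-A diskpart.exe /s C:\\ProgramData\\p.txt
2024-05-20T10:03:42 HOST-A manage-bde.exe -status C:
2024-05-20T10:09:30 HOST-A wevtutil.exe cl Security
2024-05-20T11:15:00 HOST-B manage-bde.exe -status C:
2024-05-20T14:40:00 HOST-C diskpart.exe
2024-05-20T18:55:00 HOST-C wevtutil cl Application
"""

def parse(text):
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3:  # skip blank or malformed records
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]

def detect(text):
    """Return {host: sorted stage names} for hosts that show at least
    THRESHOLD distinct stages inside a single WINDOW."""
    events = defaultdict(list)
    for ts, host, cmd in parse(text):
        for stage, rx in STAGES.items():
            if rx.search(cmd):
                events[host].append((ts, stage))
    alerts = {}
    for host, evs in events.items():
        evs.sort()
        for i, (start, _) in enumerate(evs):
            seen = {s for t, s in evs[i:] if t - start <= WINDOW}
            if len(seen) >= THRESHOLD:
                alerts[host] = sorted(seen)
                break
    return alerts
```

Routine BitLocker administration or disk maintenance can trigger a single stage on its own, which is why the rule requires several stages on the same host inside the window before alerting.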