A dangerous new ransomware strain abuses BitLocker on Windows to attack

A dangerous new type of ransomware that uses Windows BitLocker to encrypt data has been detected.



Cybersecurity experts at Kaspersky have just discovered a new strain of ransomware called ShrinkLocker, which uses Windows' BitLocker encryption tool to lock data on the victim's computer. This ransomware has attacked many government agencies and manufacturing and pharmaceutical companies in Mexico, Indonesia and Jordan.


Windows BitLocker data protection tool is being exploited for malicious purposes.



ShrinkLocker works by shrinking non-boot partitions on the hard drive, then creating new boot partitions and using BitLocker to encrypt the data on them. This leaves the victim unable to access their data and forced to pay a ransom to regain control.


What's special about ShrinkLocker is that it doesn't leave a ransom note like other malware, but instead labels new boot partitions with email addresses, presumably to let victims contact the attackers. Furthermore, after encrypting data, ShrinkLocker removes all BitLocker recovery options on Windows, leaving the victim unable to recover the encryption key and completely losing control of the data.


ShrinkLocker also removes Windows BitLocker recovery options.
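
The two traces described above (partition labels that are email addresses, and BitLocker recovery options that have been removed) can be checked on a live Windows host. The PowerShell below is an added example, not code from Kaspersky or from this article; it assumes an elevated session with the built-in `Get-Volume` and `Get-BitLockerVolume` cmdlets, and it assumes that "recovery options" corresponds to `RecoveryPassword` key protectors.

```powershell
#Requires -RunAsAdministrator
# Added triage example (not from the article). Read-only: it changes nothing.

# Loose pattern for a label that looks like an email address. Assumption: the
# article says only that labels are email addresses, not which ones.
$emailPattern = '^[^@\s]+@[^@\s]+\.[^@\s]+$'

# Indicator 1: any volume whose file system label is an email address.
$labelHits = Get-Volume |
    Where-Object { $_.FileSystemLabel -match $emailPattern } |
    Select-Object DriveLetter, FileSystemLabel, Size

# Indicator 2: volumes that are encrypted (or being encrypted) by BitLocker
# but have no recovery password protector left.
$noRecovery = Get-BitLockerVolume |
    Where-Object { $_.VolumeStatus -ne 'FullyDecrypted' } |
    Where-Object {
        -not ($_.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
    } |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus,
        @{ Name = 'Protectors'
           Expression = { $_.KeyProtector.KeyProtectorType -join ',' } }

if ($labelHits) {
    'Volumes labelled with an email address:'
    $labelHits | Format-Table -AutoSize
}
if ($noRecovery) {
    'Encrypted volumes with no recovery password protector:'
    $noRecovery | Format-Table -AutoSize
}
if ((-not $labelHits) -and (-not $noRecovery)) {
    'No indicators found.'
}
```

A hit is a lead to review, not proof of infection: some legitimately encrypted volumes are configured without a recovery password.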


Although BitLocker is a legitimate Windows security feature, ShrinkLocker took advantage of it to cause great damage to victims. Experts warn that this is a new and dangerous threat that users need to be alert to and guard against.


Faced with this situation, Windows users are advised to update their operating system and anti-virus software regularly, back up important data periodically, and not open suspicious files or links from emails or websites of unclear origin.


Serious security holes in older operating systems leave computers vulnerable to attacks after just a few minutes of connecting to the internet.

According to a recent video by YouTuber Eric Parker, connecting old Windows operating systems such as Windows XP and Windows 2000 to the internet without security measures can lead to serious consequences. In just a few minutes, your computer can be attacked by many dangerous viruses.



In the video, Eric Parker sets up a Windows XP virtual machine without a firewall or antivirus software and connects it to the internet. As a result, after just two minutes, the computer was attacked by multiple viruses, including "conhoz.exe" and another virus that automatically created an "admina" account to host an FTP file server.


Continuing the test, Eric Parker installed Malwarebytes on the XP machine and detected a total of 8 viruses in the Trojan, backdoor, DNS changer and adware categories. However, there are still many other viruses lurking in the system that the free version of Malwarebytes cannot detect.
