Bitdefender has released a decryptor for the 'ShrinkLocker' ransomware strain, which uses Windows' built-in BitLocker drive encryption tool to lock victim's files.
Discovered in May 2024 by researchers at cybersecurity company Kaspersky,
ShrinkLocker lacks the sophistication of other ransomware families but integrates features that can maximize the damage of an attack.
According to Bitdefender's analysis, the malware appears to have been repurposed from benign ten-year-old code, using VBScript, and leverages generally outdated techniques.
The researchers note that ShrinkLocker's operators seem to be low-skilled, using redundant code and typos, leaving behind reconnaissance logs in the form of text files, and rely on readily available tools.
However, the threat actor has had successful attacks on corporate targets.
In a report today, Bitdefender highlights a ShrinkLocker attack against a healthcare organization where attackers encrypted Windows 10, Windows 11, and Windows Server devices across the network, including backups.
The encryption process finished in 2.5 hours and the organization lost access to critical systems, potentially facing difficulties in providing patient care.
Bitdefender is releasing a free decryption tool that can help ShrinkLocker victims recover their files.
