Free tool: Security researchers crack ShrinkLocker encryption
The ShrinkLocker ransomware uses Microsoft's BitLocker to encrypt Windows systems. A decryption tool can help.
ShrinkLocker is targeting Windows PCs, encrypting hard disks and extorting ransom money. Security researchers at Bitdefender have now discovered vulnerabilities in the ransomware's modus operandi and have published a free decryption tool for victims.
Mode of operation
According to an analysis by the security researchers, the malware does not use an encryption algorithm of its own, but Microsoft's legitimate Windows security feature BitLocker, which encrypts hard disks. In this case, however, only the perpetrators know the randomly generated key, which they offer to victims in return for a ransom payment.
According to the researchers, ShrinkLocker uses a Visual Basic script to accomplish this, but the code is said to be quite outdated and buggy. The attackers use it to modify BitLocker configurations and then encrypt system hard disks. Victims are then greeted by a BitLocker screen that prompts them to enter the password for decryption. Victims can contact the attackers about the ransom payment via a displayed email address. ShrinkLocker uses Group Policy Objects (GPOs) and scheduled tasks to encrypt other systems on the network. This allows attackers to compromise entire domains.
Decrypt free of charge
When analyzing the malware, the researchers reportedly discovered several errors in the code. Their tool uses BitLocker recovery mode to restore data within a specific time window. The researchers' article explains in detail how this works. The tool can be downloaded free of charge. This allows victims to access their data again without paying a ransom.
On the ID-Ransomware website, ransomware victims can check whether a free decryption tool is already available for their case.
(des)