It’s been a big month for US data privacy. Indiana, Iowa, and Tennessee all passed state privacy laws, bringing the total number of states with a privacy law up to eight. No private right of action in any of those, which means it’s up to the states to enforce the laws.
ShrinkLocker Uses Windows BitLocker Utility To Infect Computers
Attackers abuse the Windows BitLocker tool because this built-in utility can encrypt entire volumes, which makes it an effective way to lock users out of a system or its data.
Attackers can use BitLocker to encrypt the victim’s files, making them inaccessible without the key, and then demand payment before revealing it, so the legitimate utility ends up acting as ransomware.
Kaspersky’s analysis shows that “ShrinkLocker” leverages Windows’ built-in BitLocker full-disk encryption to lock victims out of their data.
It shrinks the local drive partitions by 100MB to create its own boot partition, removes the BitLocker recovery-key protectors, encrypts the drives, and sends the encryption password to the attackers.
On reboot, victims see the standard BitLocker password prompt but cannot unlock their system; instead of a typical ransom note, the drive labels have been changed to the attacker’s contact email address.
ShrinkLocker is a VBScript ransomware program that gathers information on the OS version, prepares the drives by shrinking their partitions, and changes Windows registry settings so that BitLocker encrypts the drives the way the attacker specifies.
It then disables the recovery keys, enables a password protector in their place, generates a password, and encrypts the drive with it.
Next, it sends this password and the collected system data to the attacker’s C2 server through a Cloudflare subdomain, deletes itself from the compromised system, clears all logs, and forces a reboot, so victims are left at the BitLocker prompt with no way to retrieve their files.
The attacks have already been reported in Indonesia, Jordan, and Mexico.
Recommendations
The analysis recommends the following:
Implement least privilege, restricting the ability to modify the registry or enable full-disk encryption.
Enable HTTP POST request logging for traffic monitoring, so that exfiltration of passwords and keys can be detected.
Monitor and log VBS and PowerShell activity, and store the logs externally, since the malware may delete local logs.
Regularly back up data to offline storage.
Use reliable endpoint security solutions.
Utilize EDR to monitor and respond to suspicious endpoint activity.
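The following PowerShell script is an added example (the editor’s own, not code from the article or from Kaspersky’s analysis) that turns the description of ShrinkLocker above and the recommendations into host-side checks: it flags BitLocker volumes whose protector set matches the described end state (a password protector with the recovery password removed), inspects the standard BitLocker (FVE) policy registry values, and verifies or enables the PowerShell and process-creation logging the recommendations call for. It assumes the BitLocker PowerShell module is present (Windows 10/11, Server 2016 and later) and that the registry paths shown are the standard Windows policy locations; the page does not name which FVE values ShrinkLocker changes, so the values checked are an assumption about what password-only encryption without recovery requires.

```powershell
# Added example (editor's own, not from the article or Kaspersky's analysis).
# Audits a Windows host for the BitLocker state described for ShrinkLocker and for the
# logging the recommendations ask for. Run from an elevated PowerShell session.
#Requires -RunAsAdministrator

function Get-SuspiciousBitLockerVolumes {
    # A normally provisioned volume carries a Tpm* protector (or a Password on a
    # TPM-less host) together with a RecoveryPassword. The pattern described for
    # ShrinkLocker is a Password protector with the recovery protector removed.
    Get-BitLockerVolume | ForEach-Object {
        $vol   = $_
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        $hasPassword = $types -contains 'Password'
        $hasRecovery = $types -contains 'RecoveryPassword'
        $hasTpm      = @($types | Where-Object { $_ -like 'Tpm*' }).Count -gt 0
        $encrypted   = $vol.VolumeStatus -ne 'FullyDecrypted'

        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeStatus     = $vol.VolumeStatus
            ProtectionStatus = $vol.ProtectionStatus
            Protectors       = ($types -join ',')
            # Flag password-only volumes with no TPM and no recovery, and any
            # encrypted volume whose recovery password protector is gone.
            Suspicious       = ($hasPassword -and -not $hasTpm -and -not $hasRecovery) -or
                               ($encrypted -and -not $hasRecovery)
        }
    }
}

function Test-BitLockerPolicyTampering {
    # Returns FVE policy values that let a script encrypt an OS drive without a TPM
    # and without a recovery password. Editor's assumption: these are settings a
    # ShrinkLocker-style script would need; the article does not list the values.
    $fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    if (-not (Test-Path $fve)) { return @() }
    $p = Get-ItemProperty -Path $fve
    $findings = @()
    if ($p.EnableBDEWithNoTPM -eq 1) { $findings += 'EnableBDEWithNoTPM=1: BitLocker allowed without a TPM' }
    if ($p.UseAdvancedStartup -eq 1) { $findings += 'UseAdvancedStartup=1: startup authentication policy is set' }
    if ($p.OSRecovery -eq 1 -and $p.OSRecoveryPassword -eq 0) {
        $findings += 'OSRecoveryPassword=0: 48-digit recovery password forbidden for OS drives'
    }
    return $findings
}

function Test-ScriptLogging {
    # Two host-side controls that record the VBS and PowerShell activity the
    # recommendations want logged: PowerShell script block logging (event 4104 in
    # Microsoft-Windows-PowerShell/Operational) and process-creation auditing with
    # command lines (Security event 4688), which captures wscript.exe/cscript.exe
    # launching a .vbs file.
    $sbl = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
    $cmd = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
    [pscustomobject]@{
        ScriptBlockLogging = ((Get-ItemProperty -Path $sbl -ErrorAction SilentlyContinue).EnableScriptBlockLogging -eq 1)
        CmdLineInAudit     = ((Get-ItemProperty -Path $cmd -ErrorAction SilentlyContinue).ProcessCreationIncludeCmdLine_Enabled -eq 1)
    }
}

function Enable-ScriptLogging {
    # Turns on both controls above. Forward the resulting events off-host (for
    # example with Windows Event Forwarding): the script described in the article
    # clears local logs before rebooting.
    $sbl = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
    $cmd = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
    New-Item -Path $sbl -Force | Out-Null
    Set-ItemProperty -Path $sbl -Name EnableScriptBlockLogging -Value 1 -Type DWord
    New-Item -Path $cmd -Force | Out-Null
    Set-ItemProperty -Path $cmd -Name ProcessCreationIncludeCmdLine_Enabled -Value 1 -Type DWord
    auditpol.exe /set /subcategory:"Process Creation" /success:enable | Out-Null
}

# Usage: report, then remediate logging if it is off.
Get-SuspiciousBitLockerVolumes | Format-Table -AutoSize
Test-BitLockerPolicyTampering | ForEach-Object { "FVE policy finding: $_" }
$logging = Test-ScriptLogging
$logging | Format-List
if (-not ($logging.ScriptBlockLogging -and $logging.CmdLineInAudit)) { Enable-ScriptLogging }
```

The volume check is deliberately conservative: a server encrypted with a password protector plus a recovery password is not flagged, while an encrypted volume with no recovery protector is, whatever else it carries, because that is the state that leaves the victim stuck at the BitLocker prompt. Run it from a scheduled task that writes to a remote collector rather than only to the local console, for the same reason the recommendations give for external log storage.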
The post ShrinkLocker Uses Windows BitLocker Utility To Infect Computers appeared first on Cyber Security News.
Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware
Cybersecurity researchers have shed light on a sophisticated information stealer campaign that impersonates legitimate brands to distribute malware like DanaBot and StealC.
The activity cluster, orchestrated by Russian-speaking cybercriminals and collectively codenamed Tusk, is said to encompass several sub-campaigns, leveraging the reputation of the platforms to trick users into downloading the […]
Hundreds of malicious Python packages found stealing sensitive data
A malicious campaign that researchers observed growing more complex over the past half year has been planting on open-source platforms hundreds of info-stealing packages that counted about 75,000 downloads. […]
BleepingComputer