New ransomware targets Windows computers

Hibapress

Russian cybersecurity giant Kaspersky has detected attacks using a new ransomware named ShrinkLocker.

The malware hijacks BitLocker, a Windows security feature that helps protect data through encryption, to go unnoticed, Kaspersky said in a press release.

ShrinkLocker checks the Windows version before taking action. If the system is older than Vista, it does not encrypt data and self-destructs. For newer versions, it shrinks parts of the hard drive without an operating system, reinstalls boot files, and uses BitLocker to encrypt data, the company points out on its official website.

All default protections are disabled and replaced with those of the ransomware. A 64-character encryption key is generated, and the system is forced to shut down, making file recovery almost impossible, the release explained.

Once the computer is infected, hackers leave an email address in the new boot partitions so victims can negotiate the decryption key.

“A protection tool has become a weapon in the hands of attackers,” hence the need to use strong passwords and securely store access recovery keys, Kaspersky warns.