News: US offers $10M reward for info on Rim Jong Hyok of North Korean hacking group APT45.PKfail Vulnerability: Impact on System Boot Security.Cyber Siege: DDoS Attacks Disrupt Services of Russian Banks.Stargazer Goblin’s GitHub Malware: Cybersecurity Wake-Up Call.Unveiling APT45: North Korea’s Elite Cyber Force in Global Espionage and Ransomware Attacks.Hamster Kombat’s 250M players with malicious software, installing spyware and malware on devices.Philippines Shuts Down Online Gambling to Combat Scams and Human Trafficking.Strategic Pivot in Russian Cyber Warfare: Intensified Targeting of Ukrainian Frontline Operations for Summer Offensive.Spanish Police Arrest Three Linked to DDos Attacks Group NoName057(16) Pro-Russian Hacker SyndicateUnveiling the Advanced Multi-OS Capabilities of the Macma macOS Backdoor by Chinese Hackers.Evaluating the Fallout: Alphabet’s $23B Bid for Wiz Collapse.The Dark Truth: Vigorish Viper’s Illegal Online Gambling Syndicate and Human Trafficking.Cybercriminals increasingly pursue single careers following major ransomware crackdowns, losing trust in large networks, reports Europol.UK’s NCA cracks down on DigitalStress DDoS-for-hire, arresting a key suspect on July 2 with PSNI aid.Explore how the rise of cloud services increases container use in cloud infrastructure, highlighting benefits and risks like container escapes.SocGholish malware delivers AsyncRAT and BOINC, targeting systems via deceptive updates.Fake CrowdStrike Hotfixes Install Remote Access Tools and Distribute Data Wiper.Microsoft reports 8.5M Windows devices affected by a CrowdStrike update error; releases a recovery tool following global disruptions.CrowdStrike’s Crisis Management: Lessons in Chaos Recovery.Discover how the Port Shadow attack exploits shared VPN server ports, allowing attackers to shadow victims’ data.Cryptocurrency Exchange WazirX Hit by $230M Cyber Heist.Protecting ESXi Environments from Play Ransomware Attacks.Global Microsoft 365 Tech Outage Disrupts Flights, Banks, and Media.Impact of Interpol’s Operation Jackal: 300 Arrests, $3M SeizedBoost Your Cybersecurity with SubSnipe: Subdomain ProtectionStay Protected: Enhancing Cybersecurity for Software Updates.Beavertail Malware Update: MacOS Users at Risk.Australian Data Breach: MediSecure Struggles to Identify Victims.AvNeutralizer: FIN7’s Cybersecurity Evasion Tool Exposed.Protecting Networks: Strategies to Prevent 75% of IntrusionsChinese APT Group Evades Detection with 9002 RAT Malware in ItalyWP Time Capsule Plugin Update Urged After Critical Security FlawPatient Trust at Risk: Addressing MNGI Digestive Health BreachProtecting Yourself After the Trello Data LeakNATO’s NICC: Strengthening Alliance Against Cyber Threats.Kaspersky’s US Departure: A Blow to Cybersecurity Industry.Protect Your Privacy: mSpy Data Leak Exposes Millions.AT&T Data Breach Response: Paying the Price to Protect Data.Infostealer Malware: The Invisible Threat Explained.Secure the Cloud: Alphabet’s Potential $23 Billion Deal with Wiz.Brain Cipher Ransomware Threat: Indonesia’s Cybersecurity Challenge.IRacing DDoS Attack: Disrupting Online Racing SimulationsHardBit Ransomware 4.0: Passphrase Protection & ObfuscationAdvance Auto Parts Snowflake Data Breach: Result of No MFA.CDK Global Ransomware Attack: $25 Million Payment Details.Rapid Legal Data Leak Exposes 38TB Unsecured Database Online.Consumer Trust at Risk: The Fallout of the FBCS Data Breach.Cybersecurity Alert: AT&T Data Breach Impacts Millions of Customers.PowerShell-Based Malware: The Kematian Stealer Explained.Fortinet VPN Breach: Impact on Over 50 US Organizations.The Rise of Smishing Triad: India Post Cyber Fraud Alerts.CISA and FBI Alert: Hackers Targeting OS Command Injection Flaws.Data Breach Alert: Lulu Hypermarket’s Response and Next StepsPatch Tuesday – Microsoft Fixes 140+ Security Flaws.Cyber Espionage: Australia on High Alert for Chinese Hacker Attacks.NATO’s 75th Anniversary: Facing Chinese Cyberthreats Head On.Ticket Scalpers Bypass ‘Nontransferable’ Digital Tickets.Eldorado Ransomware: Threatening Windows and Linux Systems.Protecting Data: Risks Posed by CloudSorcerer APT’s Tactics.Microsoft’s iPhone Mandate: Enhancing Security in China.Avoiding Coinbase Scams: Tips to Safeguard Your Crypto Assets.Mekotio Trojan Threatens Latin American Financial Institutions.Apple Compliance with Russian VPN App Ban: A Controversial Move.Roll20 Security Breach: How to Safeguard Your Personal Data.Record-Breaking 840 Mpps DDoS Attack: OVHcloud’s Response.HealthEquity Data Breach: What You Need to Know.ShinyHunters Leaks Ticket Data For Taylor Swift’s Concerts, Demands Ransom.Defend Against Turla Malware: Weaponized LNK Files & Phishing Emails.Understanding the Dangers of AitM Phishing Attacks.Unveiling Volcano Demon: A New Threat to Windows Systems.Ghostscript Vulnerability: Potential Breach Risk for Users.Unveiling the Motives of Team ARXU’s Cyber Attacks on Schools and Banks.Safety Alert: Malicious QR Reader App in Google Play Store.Twilio Authy Breach Response: Safeguarding Your Mobile Security.Operation Morpheus and First Light: Combating cybercrime and protecting individuals globally.Donut and Sliver: Tools Used in Israeli Cyber Attack.Discover how FakeBat Loader Malware infiltrates systems via drive-by downloads, posing a widespread cybersecurity threat.Understanding the New Side-Channel Attack on Intel’s CPUs: What You Need to Know.In-Flight Cybersecurity Alert: Australian Man’s Wi-Fi Scam Exposed.Understanding Phishing, Identity Theft, and Ransomware Cyber Crimes.Brain Cipher Ransomware: The Rising Menace to Global Data Security.LockBit Ransomware Attack: 6M Individuals’ Data Breached at Infosys McCamish Systems.Fortifying the 2024 Olympics: Cybersecurity Measures in Place.Legal Practitioners Fidelity Fund hacked in South Africa, CEO informs stakeholders of cyber incident.Indonesia hit by major cyber attack, disrupting immigration services and airport operations.“Rafel RAT, an open-source Android remote administration tool (RAT), is being exploited by multiple threat actors to target Android devices.”CoinStats suffers breach, 1,590 crypto wallets compromised by threat actors.New Caesar Cipher Skimmer targets WordPress, Magento, and OpenCart, compromising CMS security.Indonesia’s national data center hacked, $8M ransom demanded, ransom payment refused.Levi Strauss & Co. data breach exposes 72K customers’ personal info.Winnti: Chinese-backed cyber group targeting tech, healthcare, and pharma industries for espionage and financial gain.Hackers exploit pkfacebook module flaw to deploy card skimmer on e-commerce sites, stealing credit card details.CDK Warns of Scammers Posing as Support, Calling Customers.Change Healthcare Lists Medical Data Stolen back in February.UNC3886 Hackers Deploy Linux Rootkits to Stealthily Operate on VMware ESXi Virtual Machines.Intel’s CET: Advanced CPU Protection Against Cyber Threats.Kaspersky Antivirus Software Banned in US Over Kremlin Links.SquidLoader: The Stealthy Malware Targeting Chinese Organizations with Evasive Phishing Tactics.Midnight Blizzard: Russia’s Cyber Threat to French Diplomacy.Fickle Stealer malware can be delivered through four methods: VBA dropper, VBA downloader, link downloader, and executable downloader.
Sat. Jul 27th, 2024
News: US offers $10M reward for info on Rim Jong Hyok of North Korean hacking group APT45.PKfail Vulnerability: Impact on System Boot Security.Cyber Siege: DDoS Attacks Disrupt Services of Russian Banks.Stargazer Goblin’s GitHub Malware: Cybersecurity Wake-Up Call.Unveiling APT45: North Korea’s Elite Cyber Force in Global Espionage and Ransomware Attacks.Hamster Kombat’s 250M players with malicious software, installing spyware and malware on devices.Philippines Shuts Down Online Gambling to Combat Scams and Human Trafficking.Strategic Pivot in Russian Cyber Warfare: Intensified Targeting of Ukrainian Frontline Operations for Summer Offensive.Spanish Police Arrest Three Linked to DDos Attacks Group NoName057(16) Pro-Russian Hacker SyndicateUnveiling the Advanced Multi-OS Capabilities of the Macma macOS Backdoor by Chinese Hackers.Evaluating the Fallout: Alphabet’s $23B Bid for Wiz Collapse.The Dark Truth: Vigorish Viper’s Illegal Online Gambling Syndicate and Human Trafficking.Cybercriminals increasingly pursue single careers following major ransomware crackdowns, losing trust in large networks, reports Europol.UK’s NCA cracks down on DigitalStress DDoS-for-hire, arresting a key suspect on July 2 with PSNI aid.Explore how the rise of cloud services increases container use in cloud infrastructure, highlighting benefits and risks like container escapes.SocGholish malware delivers AsyncRAT and BOINC, targeting systems via deceptive updates.Fake CrowdStrike Hotfixes Install Remote Access Tools and Distribute Data Wiper.Microsoft reports 8.5M Windows devices affected by a CrowdStrike update error; releases a recovery tool following global disruptions.CrowdStrike’s Crisis Management: Lessons in Chaos Recovery.Discover how the Port Shadow attack exploits shared VPN server ports, allowing attackers to shadow victims’ data.Cryptocurrency Exchange WazirX Hit by $230M Cyber Heist.Protecting ESXi Environments from Play Ransomware Attacks.Global Microsoft 365 Tech Outage Disrupts Flights, Banks, and Media.Impact of Interpol’s Operation Jackal: 300 Arrests, $3M SeizedBoost Your Cybersecurity with SubSnipe: Subdomain ProtectionStay Protected: Enhancing Cybersecurity for Software Updates.Beavertail Malware Update: MacOS Users at Risk.Australian Data Breach: MediSecure Struggles to Identify Victims.AvNeutralizer: FIN7’s Cybersecurity Evasion Tool Exposed.Protecting Networks: Strategies to Prevent 75% of IntrusionsChinese APT Group Evades Detection with 9002 RAT Malware in ItalyWP Time Capsule Plugin Update Urged After Critical Security FlawPatient Trust at Risk: Addressing MNGI Digestive Health BreachProtecting Yourself After the Trello Data LeakNATO’s NICC: Strengthening Alliance Against Cyber Threats.Kaspersky’s US Departure: A Blow to Cybersecurity Industry.Protect Your Privacy: mSpy Data Leak Exposes Millions.AT&T Data Breach Response: Paying the Price to Protect Data.Infostealer Malware: The Invisible Threat Explained.Secure the Cloud: Alphabet’s Potential $23 Billion Deal with Wiz.Brain Cipher Ransomware Threat: Indonesia’s Cybersecurity Challenge.IRacing DDoS Attack: Disrupting Online Racing SimulationsHardBit Ransomware 4.0: Passphrase Protection & ObfuscationAdvance Auto Parts Snowflake Data Breach: Result of No MFA.CDK Global Ransomware Attack: $25 Million Payment Details.Rapid Legal Data Leak Exposes 38TB Unsecured Database Online.Consumer Trust at Risk: The Fallout of the FBCS Data Breach.Cybersecurity Alert: AT&T Data Breach Impacts Millions of Customers.PowerShell-Based Malware: The Kematian Stealer Explained.Fortinet VPN Breach: Impact on Over 50 US Organizations.The Rise of Smishing Triad: India Post Cyber Fraud Alerts.CISA and FBI Alert: Hackers Targeting OS Command Injection Flaws.Data Breach Alert: Lulu Hypermarket’s Response and Next StepsPatch Tuesday – Microsoft Fixes 140+ Security Flaws.Cyber Espionage: Australia on High Alert for Chinese Hacker Attacks.NATO’s 75th Anniversary: Facing Chinese Cyberthreats Head On.Ticket Scalpers Bypass ‘Nontransferable’ Digital Tickets.Eldorado Ransomware: Threatening Windows and Linux Systems.Protecting Data: Risks Posed by CloudSorcerer APT’s Tactics.Microsoft’s iPhone Mandate: Enhancing Security in China.Avoiding Coinbase Scams: Tips to Safeguard Your Crypto Assets.Mekotio Trojan Threatens Latin American Financial Institutions.Apple Compliance with Russian VPN App Ban: A Controversial Move.Roll20 Security Breach: How to Safeguard Your Personal Data.Record-Breaking 840 Mpps DDoS Attack: OVHcloud’s Response.HealthEquity Data Breach: What You Need to Know.ShinyHunters Leaks Ticket Data For Taylor Swift’s Concerts, Demands Ransom.Defend Against Turla Malware: Weaponized LNK Files & Phishing Emails.Understanding the Dangers of AitM Phishing Attacks.Unveiling Volcano Demon: A New Threat to Windows Systems.Ghostscript Vulnerability: Potential Breach Risk for Users.Unveiling the Motives of Team ARXU’s Cyber Attacks on Schools and Banks.Safety Alert: Malicious QR Reader App in Google Play Store.Twilio Authy Breach Response: Safeguarding Your Mobile Security.Operation Morpheus and First Light: Combating cybercrime and protecting individuals globally.Donut and Sliver: Tools Used in Israeli Cyber Attack.Discover how FakeBat Loader Malware infiltrates systems via drive-by downloads, posing a widespread cybersecurity threat.Understanding the New Side-Channel Attack on Intel’s CPUs: What You Need to Know.In-Flight Cybersecurity Alert: Australian Man’s Wi-Fi Scam Exposed.Understanding Phishing, Identity Theft, and Ransomware Cyber Crimes.Brain Cipher Ransomware: The Rising Menace to Global Data Security.LockBit Ransomware Attack: 6M Individuals’ Data Breached at Infosys McCamish Systems.Fortifying the 2024 Olympics: Cybersecurity Measures in Place.Legal Practitioners Fidelity Fund hacked in South Africa, CEO informs stakeholders of cyber incident.Indonesia hit by major cyber attack, disrupting immigration services and airport operations.“Rafel RAT, an open-source Android remote administration tool (RAT), is being exploited by multiple threat actors to target Android devices.”CoinStats suffers breach, 1,590 crypto wallets compromised by threat actors.New Caesar Cipher Skimmer targets WordPress, Magento, and OpenCart, compromising CMS security.Indonesia’s national data center hacked, $8M ransom demanded, ransom payment refused.Levi Strauss & Co. data breach exposes 72K customers’ personal info.Winnti: Chinese-backed cyber group targeting tech, healthcare, and pharma industries for espionage and financial gain.Hackers exploit pkfacebook module flaw to deploy card skimmer on e-commerce sites, stealing credit card details.CDK Warns of Scammers Posing as Support, Calling Customers.Change Healthcare Lists Medical Data Stolen back in February.UNC3886 Hackers Deploy Linux Rootkits to Stealthily Operate on VMware ESXi Virtual Machines.Intel’s CET: Advanced CPU Protection Against Cyber Threats.Kaspersky Antivirus Software Banned in US Over Kremlin Links.SquidLoader: The Stealthy Malware Targeting Chinese Organizations with Evasive Phishing Tactics.Midnight Blizzard: Russia’s Cyber Threat to French Diplomacy.Fickle Stealer malware can be delivered through four methods: VBA dropper, VBA downloader, link downloader, and executable downloader.
Sat. Jul 27th, 2024

ShrinkLocker Ransomware using Microsoft BitLocker to encrypt corporate files and extort payment

ShrinkLocker Ransomware using Microsoft BitLocker to encrypt corporate files and extort payment

“ShrinkLocker: The Latest Ransomware Threat Exploiting Microsoft BitLocker for Maximum Damage”

Ransomware using Microsoft BitLocker to encrypt corporate files and extort payment

more ransomware is using Microsoft BitLocker to encrypt corporate files, steal the decryption key, and then extort a payment from victim organizations, according to Kaspersky.
The antivirus maker’s Global Emergency Response team spotted the malware, dubbed ShrinkLocker, in Mexico, Indonesia, and Jordan, and said the code’s unnamed operators targeted steel and vaccine manufacturing companies, plus a government entity. Criminals, including ransomware gangs, using legitimate software tools is nothing new — hello, Cobalt Strike.

And, in fact, Microsoft previously said Iranian bad actors had abused Windows’ built-in BitLocker full-volume encryption feature to lock up compromised devices. We can recall other strains of ransomware using BitLocker on infected machines to encrypt data and hold it to ransom.

With ShrinkLocker, however, More and more ransomware attacks are utilizing Microsoft BitLocker as a means to encrypt corporate files, steal the decryption key, and then extort a payment from victim organizations. This alarming trend has been identified by Kaspersky, a leading antivirus maker, whose Global Emergency Response team recently discovered a new malware called ShrinkLocker.

This malicious code has been observed in countries such as Mexico, Indonesia, and Jordan, and its operators have specifically targeted steel and vaccine manufacturing companies, as well as a government entity.

The use of legitimate software tools by criminals, including ransomware gangs, is not a new phenomenon. For instance, the notorious Cobalt Strike has been widely employed for malicious purposes. Additionally, Microsoft has previously acknowledged that Iranian cybercriminals had exploited the built-in BitLocker full-volume encryption feature in Windows to lock compromised devices. There have also been previous instances of ransomware strains using BitLocker to encrypt data on infected machines and hold it for ransom.

However, what sets ShrinkLocker apart is the fact that its operators have taken additional steps to maximize the damage caused by the attack and hinder an effective response. Kaspersky’s threat hunters, Cristian Souza, Eduardo Ovalle, Ashley Muñoz, and Christopher Zachor, explained in their research that the adversaries behind ShrinkLocker have implemented techniques that make it more difficult to detect and block the malware variants.

The technical details provided in Kaspersky’s write-up offer valuable insights into how ShrinkLocker can be detected and blocked. This information is crucial for organizations looking to protect themselves against this particular ransomware threat. By understanding the specific indicators of compromise and the behavior patterns exhibited by ShrinkLocker, security teams can enhance their defenses and respond more effectively to an attack.

The rise of ransomware attacks using BitLocker highlights the need for organizations to remain vigilant and proactive in their cybersecurity efforts. It is no longer enough to rely solely on traditional security measures. Instead, a multi-layered approach that combines advanced threat detection technologies, employee education, and regular backups is essential.

Organizations must ensure that their security solutions are up to date and capable of detecting and mitigating emerging threats. Regular patching and vulnerability management are crucial in preventing attackers from exploiting known weaknesses in software and systems.

The increasing use of Microsoft BitLocker by ransomware operators to encrypt corporate files and extort payment is a concerning development. The discovery of ShrinkLocker by Kaspersky’s Global Emergency Response team highlights the need for organizations to remain vigilant and proactive in their cybersecurity efforts. By staying informed about the latest threats and implementing robust security measures, organizations can better protect themselves against this evolving threat landscape.

    • Related Posts

    US offers $10M reward for info on Rim Jong Hyok of North Korean hacking group APT45.
    US offers $10M reward for info on Rim Jong Hyok of North Korean hacking group APT45.

    “Up to $10 Million Reward: Help Thwart Cyber Threats, Report on Rim Jong Hyok of APT45.” Exploring the

    Read more

    PKfail Vulnerability: Impact on System Boot Security.
    PKfail Vulnerability: Impact on System Boot Security.

    “PKfail: Exposing the Core, Compromising the Boot” Exploring PKfail: Understanding Its Impact on UEFI Bootkits and System Security

    Read more

    You Missed

    1
    US offers $10M reward for info on Rim Jong Hyok of North Korean hacking group APT45.
    CyberCrime CyberCrimminals CyberEspionage CyberSecurity CyberThreats Hackers
    US offers $10M reward for info on Rim Jong Hyok of North Korean hacking group APT45.
    2
    PKfail Vulnerability: Impact on System Boot Security.
    Alert CyberSecurity Spyware UEFI
    PKfail Vulnerability: Impact on System Boot Security.
    3
    Unpatched Docker Vulnerability: Exploring CVE-2024-41110.
    Alert
    Unpatched Docker Vulnerability: Exploring CVE-2024-41110.
    4
    Cyber Siege: DDoS Attacks Disrupt Services of Russian Banks.
    CyberAttacks CyberSecurity DDoS Russia
    Cyber Siege: DDoS Attacks Disrupt Services of Russian Banks.
    5
    Stargazer Goblin’s GitHub Malware: Cybersecurity Wake-Up Call.
    CyberSecurity Malware Phishing
    Stargazer Goblin’s GitHub Malware: Cybersecurity Wake-Up Call.
    6
    BlackMeta used InfraShutdown to target a UAE bank in a 100-hour DDos cyber attack.
    Alert
    BlackMeta used InfraShutdown to target a UAE bank in a 100-hour DDos cyber attack.
    7
    Unveiling APT45: North Korea’s Elite Cyber Force in Global Espionage and Ransomware Attacks.
    CyberCrime CyberEspionage CyberSecurity CyberThreats
    Unveiling APT45: North Korea’s Elite Cyber Force in Global Espionage and Ransomware Attacks.
    8
    California Court Chaos: Phone Services Disrupted by Ransomware Attack.
    Alert
    California Court Chaos: Phone Services Disrupted by Ransomware Attack.
    9
    Hamster Kombat’s 250M players with malicious software, installing spyware and malware on devices.
    CyberCrimminals CyberSecurity CyberThreats
    Hamster Kombat’s 250M players with malicious software, installing spyware and malware on devices.
    10
    Philippines Shuts Down Online Gambling to Combat Scams and Human Trafficking.
    CyberSecurity Human Trafficking
    Philippines Shuts Down Online Gambling to Combat Scams and Human Trafficking.
    11
    Strategic Pivot in Russian Cyber Warfare: Intensified Targeting of Ukrainian Frontline Operations for Summer Offensive.
    CyberAttacks CyberSecurity Russia
    Strategic Pivot in Russian Cyber Warfare: Intensified Targeting of Ukrainian Frontline Operations for Summer Offensive.
    12
    Spanish Police Arrest Three Linked to DDos Attacks Group NoName057(16) Pro-Russian Hacker Syndicate
    CyberCrime CyberCrimminals CyberSecurity DDoS Hackers
    Spanish Police Arrest Three Linked to DDos Attacks Group NoName057(16) Pro-Russian Hacker Syndicate
    13
    Unveiling the Advanced Multi-OS Capabilities of the Macma macOS Backdoor by Chinese Hackers.
    China CyberEspionage CyberSecurity CyberThreats Hackers
    Unveiling the Advanced Multi-OS Capabilities of the Macma macOS Backdoor by Chinese Hackers.
    14
    Evaluating the Fallout: Alphabet’s $23B Bid for Wiz Collapse.
    CyberSecurity
    Evaluating the Fallout: Alphabet’s $23B Bid for Wiz Collapse.
    15
    The Dark Truth: Vigorish Viper’s Illegal Online Gambling Syndicate and Human Trafficking.
    CyberCrime CyberSecurity Human Trafficking Malware
    The Dark Truth: Vigorish Viper’s Illegal Online Gambling Syndicate and Human Trafficking.
    16
    Cybercriminals increasingly pursue single careers following major ransomware crackdowns, losing trust in large networks, reports Europol.
    CyberCrime CyberCrimminals CyberSecurity
    Cybercriminals increasingly pursue single careers following major ransomware crackdowns, losing trust in large networks, reports Europol.