ShrinkLocker ransomware scrambled your files? Free decryption tool to the rescue

Plus: CISA's ScubaGear dives deep to fix M365 misconfigs


Bitdefender has released a free decryption tool that can unlock data encrypted by the ShrinkLocker ransomware.

Bitdefender made the decryptor publicly available following an extensive analysis of the malware strain, which was uncovered in May and found to use VBScript and Microsoft Windows' built-in BitLocker encryption feature to scramble victims' files.

That’s a crude approach compared to those used by more modern ransomware strains. But Bitdefender reckons using these "relics from the past" makes ShrinkLocker "a surprisingly simple yet effective ransomware."

"By using a combination of Group Policy Objects (GPOs) and scheduled tasks, it can encrypt multiple systems within a network in as little as 10 minutes per device," explained Martin Zugec, technical solutions director at Bitdefender.

"This simplicity makes the attack particularly attractive to individual threat actors who may not be part of a larger ransomware-as-a-service (RaaS) ecosystem," he added in a Wednesday write-up.

Bitdefender's analysis includes a link to download its free decryption tool, which has been added to the security shop's collection of 32 previously released ransomware decryptors. The antivirus maker also details the full nine-step process to install the decryption software.

However, as Zugec warns, "decryptor tools are inherently reactive – often limited to specific timeframes or software versions."

Another thing to remember is that while decryptors can restore your data, they don't prevent future attacks or stop digital thieves from selling or leaking info they've already stolen.

"We strongly recommend reviewing our recommendations section for additional guidance, including specific tips on configuring BitLocker to minimize the risk of successful attacks," Zugec noted.
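The article points to BitLocker configuration as the place to reduce exposure without saying what to look at. The script below is an added example written for this page, not code from The Register or Bitdefender: it audits the key protectors on each BitLocker volume of a Windows host, flags encrypted volumes that have no recovery password you control, optionally escrows recovery passwords to Active Directory, and lists recent entries from the BitLocker management event log so protector changes have a timeline. It uses only the standard BitLocker module cmdlets (Get-BitLockerVolume, Backup-BitLockerKeyProtector) and Get-WinEvent; the event log name is assumed to be the one shown in Event Viewer on Windows 10/11, and the -EscrowToAD switch is this example's own.

```powershell
# Added example (not from the article, Bitdefender, or Microsoft): audit
# BitLocker key protectors on a Windows host from a defender's point of view.
# Requires the BitLocker PowerShell module and an elevated session.
# Usage:  .\Audit-BitLocker.ps1            (report only)
#         .\Audit-BitLocker.ps1 -EscrowToAD (also back up recovery passwords to AD DS)
#Requires -RunAsAdministrator
param(
    [switch]$EscrowToAD   # hypothetical switch defined by this example
)

Import-Module BitLocker -ErrorAction Stop

# One row per volume: status plus the protector types currently attached.
$findings = foreach ($vol in Get-BitLockerVolume) {
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    [pscustomobject]@{
        MountPoint          = $vol.MountPoint
        VolumeStatus        = $vol.VolumeStatus
        ProtectionStatus    = $vol.ProtectionStatus
        Protectors          = ($types -join ', ')
        # A recovery password you hold (ideally escrowed in AD DS or Entra ID)
        # is what lets you unlock the volume if its other protectors change.
        HasRecoveryPassword = ($types -contains 'RecoveryPassword')
        HasTpmProtector     = [bool]($types | Where-Object { $_ -like 'Tpm*' })
    }
}

$findings | Format-Table -AutoSize

# Encrypted (or encrypting) volumes with no recovery password protector are the
# ones you could not recover yourself if the remaining protectors were replaced.
$atRisk = $findings | Where-Object {
    $_.VolumeStatus -ne 'FullyDecrypted' -and -not $_.HasRecoveryPassword
}
foreach ($v in $atRisk) {
    Write-Warning ("{0}: {1} with protectors [{2}] but no RecoveryPassword protector" -f
        $v.MountPoint, $v.VolumeStatus, $v.Protectors)
}

# Optional: escrow every recovery password protector to Active Directory.
# This is the standard 'back up recovery information to AD DS' step; it only
# succeeds on a domain-joined host whose GPO permits the backup.
if ($EscrowToAD) {
    foreach ($vol in Get-BitLockerVolume) {
        $recovery = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
        foreach ($kp in $recovery) {
            Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint -KeyProtectorId $kp.KeyProtectorId
            Write-Host ("Escrowed recovery password {0} for {1}" -f $kp.KeyProtectorId, $vol.MountPoint)
        }
    }
}

# Recent entries from the BitLocker management log (protectors added or
# removed, encryption started) give a timeline if something changed recently.
# Log name assumed as displayed in Event Viewer on Windows 10/11.
Get-WinEvent -LogName 'Microsoft-Windows-BitLocker/BitLocker Management' -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-Table -Wrap -AutoSize
```

Run it as a scheduled check or from your endpoint management tooling; a volume that is encrypted with protectors you did not provision, or that has lost its recovery password protector, is worth an immediate look rather than a ticket.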

In May, Russian antivirus slinger Kaspersky spotted criminals using ShrinkLocker to target steel and vaccine manufacturers, plus government entities in Mexico, Indonesia, and Jordan.

Microsoft has also warned that Iranian miscreants had abused Windows' built-in BitLocker to encrypt compromised devices. ®

Another freebie to peruse: CISA's M365 infosec improver

In other free-infosec-help news, the US Cybersecurity and Infrastructure Security Agency (CISA) has seen a surge in downloads of its ScubaGear software, which automates assessment of Microsoft 365 configurations and searches for security gaps that could leave organizations vulnerable to exploitation.

After analyzing configurations, the software suggests changes that improve M365 security.

Since it debuted in October 2022, CISA has recorded over 30,000 downloads of the tool.

In a Wednesday post, SCuBA product manager Chad Poland and capacity building senior advisor Rachel Kelly noted "downloads significantly increased with the recent release of ScubaGear version 1.3.0 in June 2024."

Considering that misconfigs were the initial access point [PDF] for 30 percent of all cloud environment attacks during the first half of the year, according to Google, taking the plunge to check out ScubaGear seems entirely sensible.
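For readers who want to try ScubaGear, the commands below are an added example based on the project's published PowerShell Gallery install flow, not a snippet from the article or from CISA. Cmdlet and parameter names (Install-Module, Initialize-SCuBA, Invoke-SCuBA with -ProductNames and -OutPath) are as documented in the ScubaGear README at the time of writing and should be checked against Get-Help for the version you install; the product list and output folder are illustrative assumptions.

```powershell
# Added example (not from the article or CISA): a minimal ScubaGear assessment.
# Verify cmdlet and parameter names with: Get-Help Invoke-SCuBA -Full

# One-time setup: install the module from the PowerShell Gallery, then let
# ScubaGear pull its own dependencies (Microsoft Graph, Exchange Online, etc.).
Install-Module -Name ScubaGear -Scope CurrentUser
Initialize-SCuBA

# Assess a subset of M365 products. You will be prompted to sign in with an
# account that can read the tenant's configuration. Each run writes a
# timestamped folder under -OutPath containing an HTML summary and the
# per-product results, with each baseline check marked pass or fail.
# Assumed values: the product names and output path are illustrative.
Invoke-SCuBA -ProductNames aad, exo, sharepoint -OutPath .\ScubaReports

# Open the newest report folder to review failed checks before changing anything.
Get-ChildItem .\ScubaReports -Directory |
    Sort-Object LastWriteTime -Descending |
    Select-Object -First 1 |
    Invoke-Item
```

Treat the failed checks as a prioritised to-do list against CISA's baselines, and re-run the assessment after each batch of changes so the report, not memory, confirms the fix took.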
