Kaspersky has detected ransomware using a legitimate Windows feature


Next, the malicious script sends system information and the encryption key generated on the infected computer to the malicious server. After that, it "cleans the tracks": it removes logs and various files that could help investigate the attack. At the final stage, the malware forcibly blocks access to the system. The victim sees a message on the screen: "There are no options to restore BitLocker on your computer."

Kaspersky experts named the malicious script ShrinkLocker. Changing the parameters of hard disk partitions plays a key role during the attacks: it gives the criminals an opportunity to boot the system with encrypted files.

"The attacks used BitLocker, a tool originally designed to prevent unauthorized access to data. A defensive tool has become a weapon in the hands of criminals. Companies using BitLocker need to use strong passwords and securely store access recovery keys. It is also important to organize a backup copy of important data. We recommend using MDR or EDR class solutions for early detection and, of course, investigating all incidents to identify the original attack vector and exclude the recurrence of similar incidents in the future," comments Konstantin Sapronov, Head of Global Computer Incident Response Team at Kaspersky.

Further risk mitigation tips from Kaspersky can be found here.