{"id":56170,"date":"2024-05-27T15:21:02","date_gmt":"2024-05-27T15:21:02","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/35926\/New-Ransomware-Uses-BitLocker-To-Encrypt-Victim-Data.html"},"modified":"2024-05-27T15:21:02","modified_gmt":"2024-05-27T15:21:02","slug":"new-ransomware-uses-bitlocker-to-encrypt-victim-data","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/new-ransomware-uses-bitlocker-to-encrypt-victim-data\/","title":{"rendered":"New Ransomware Uses BitLocker To Encrypt Victim Data"},"content":{"rendered":"<aside id=\"social-left\" class=\"social-left\" aria-label=\"Read the comments or share this article\"> <a class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/security\/2024\/05\/newly-discovered-ransomware-uses-bitlocker-to-encrypt-victim-data\/?comments=1\"> <\/p>\n<h4 class=\"comment-count-before\">reader comments<\/h4>\n<p> <span class=\"comment-count-number\">69<\/span> <\/a> <\/aside>\n<p> <!-- cache hit 1:single\/related:2e426b6452c090adae2b8a41d0a908a6 --><!-- empty --><\/p>\n<p>A previously unknown piece of ransomware, dubbed ShrinkLocker, encrypts victim data using the BitLocker feature built into the Windows operating system.<\/p>\n<p>BitLocker is a <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows-server\/administration\/windows-commands\/manage-bde\">full-volume encryptor<\/a> that debuted in 2007 with the release of Windows Vista. Users employ it to encrypt entire hard drives to prevent people from reading or modifying data in the event they get physical access to the disk. Starting with the <a href=\"https:\/\/learn.microsoft.com\/en-us\/previous-versions\/windows\/it-pro\/windows-10\/whats-new\/whats-new-windows-10-version-1507-and-1511\">rollout of Windows 10<\/a>, BitLocker by default has used the 128-bit and 256-bit XTS-AES encryption algorithm, giving the feature extra protection from attacks that rely on manipulating cipher text to cause predictable changes in plain text.<\/p>\n<p>Recently, researchers from security firm Kaspersky found a threat actor using BitLocker to encrypt data on systems located in Mexico, Indonesia, and Jordan. The researchers named the new ransomware ShrinkLocker, both for its use of BitLocker and because it shrinks the size of each non-boot partition by 100 MB and splits the newly unallocated space into new primary partitions of the same size.<\/p>\n<p>\u201cOur incident response and malware analysis are evidence that attackers are constantly refining their tactics to evade detection,\u201d the researchers <a href=\"https:\/\/securelist.com\/ransomware-abuses-bitlocker\/112643\/\">wrote Friday<\/a>. \u201cIn this incident, we observed the abuse of the native BitLocker feature for unauthorized data encryption.\u201d<\/p>\n<p>ShrinkLocker isn\u2019t the first malware to leverage BitLocker. In 2022, Microsoft <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/09\/07\/profiling-dev-0270-phosphorus-ransomware-operations\/\">reported<\/a> that ransomware attackers with a nexus to Iran also used the tool to encrypt files. That same year, the Russian agricultural business Miratorg was <a href=\"https:\/\/web.archive.org\/web\/20220322133723\/https:\/\/fsvps.gov.ru\/fsvps\/news\/47945.html\">attacked<\/a> by ransomware that used BitLocker to encrypt files residing in the system storage of infected devices.<\/p>\n<p>Once installed on a device, ShrinkLocker runs a VisualBasic script that first invokes the Windows Management Instrumentation and Win32_OperatingSystem class to obtain information about the operating system.<\/p>\n<p>\u201cFor each object within the query results, the script checks if the current domain is different from the target,\u201d the Kaspersky researchers wrote. \u201cIf it is, the script finishes automatically. After that, it checks if the name of the operating system contains &#8216;xp,&#8217; &#8216;2000,&#8217; &#8216;2003,&#8217; or &#8216;vista,&#8217; and if the Windows version matches any one of these, the script finishes automatically and deletes itself.\u201d<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/05\/shrinklocker-01.png\" class=\"enlarge\" data-height=\"403\" data-width=\"1488\" alt=\"A screenshot showing initial conditions for execution.\"><img loading=\"lazy\" decoding=\"async\" alt=\"A screenshot showing initial conditions for execution.\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/05\/shrinklocker-01-640x173.png\" width=\"640\" height=\"173\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/05\/shrinklocker-01-1280x347.png 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-text\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/05\/shrinklocker-01.png\" class=\"enlarge-link\" data-height=\"403\" data-width=\"1488\">Enlarge<\/a> <span class=\"sep\">\/<\/span> A screenshot showing initial conditions for execution.<\/div>\n<\/figcaption><\/figure>\n<p>The script then continues to use the WMI for querying information about the OS. It goes on to perform the disk resizing operations, which can vary depending on the OS version detected. The ransomware performs these operations only on local, fixed drives. The decision to leave network drives alone is likely motivated by the desire not to trigger network detection protections.<\/p>\n<aside class=\"ad_wrapper\" aria-label=\"In Content advertisement\"> <span class=\"ad_notice\">Advertisement <\/span> <\/aside>\n<p>Eventually, ShrinkLocker disables protections designed to secure the BitLocker encryption key and goes on to delete them. It then enables the use of a numerical password, both as a protector against anyone else taking back control of BitLocker and as an encryptor for system data. The reason for deleting the default protectors is to disable key recovery features by the device owner. ShrinkLocker then goes on to generate a 64-character encryption key using random multiplication and replacement of:<\/p>\n<ul>\n<li aria-level=\"1\">A variable with the numbers 0\u20139;<\/li>\n<li aria-level=\"1\">The famous pangram, \u201cThe quick brown fox jumps over the lazy dog,\u201d in lowercase and uppercase, which contains every letter of the English alphabet;<\/li>\n<li aria-level=\"1\">Special characters.<\/li>\n<\/ul>\n<p>After several additional steps, data is encrypted. The next time the device reboots, the display looks like this:<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/05\/shrinklocker-02.png\" class=\"enlarge\" data-height=\"645\" data-width=\"884\" alt=\"Screenshot showing the BitLocker recovery screen.\"><img loading=\"lazy\" decoding=\"async\" alt=\"Screenshot showing the BitLocker recovery screen.\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/05\/shrinklocker-02-640x467.png\" width=\"640\" height=\"467\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/05\/shrinklocker-02.png 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-text\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/05\/shrinklocker-02.png\" class=\"enlarge-link\" data-height=\"645\" data-width=\"884\">Enlarge<\/a> <span class=\"sep\">\/<\/span> Screenshot showing the BitLocker recovery screen.<\/div>\n<\/figcaption><\/figure>\n<p>Decrypting drives without the attacker-supplied key is difficult and likely impossible in many cases. While it is possible to recover some of the passphrases and fixed values used to generate the keys, the script uses variable values that are different on each infected device. These variable values aren\u2019t easy to recover.<\/p>\n<p>There are no protections specific to ShrinkLocker for preventing successful attacks. Kaspersky advises the following:<\/p>\n<ul>\n<li aria-level=\"1\">Use robust, properly configured endpoint protection to detect threats that try to abuse BitLocker;<\/li>\n<li aria-level=\"1\">Implement<a href=\"https:\/\/www.kaspersky.com\/enterprise-security\/managed-detection-and-response\"> Managed Detection and Response (MDR)<\/a> to proactively scan for threats;<\/li>\n<li aria-level=\"1\">If BitLocker is enabled, make sure it uses a strong password and that the recovery keys are stored in a secure location;<\/li>\n<li aria-level=\"1\">Ensure that users have only minimal privileges. This prevents them from enabling encryption features or changing registry keys on their own;<\/li>\n<li aria-level=\"1\">Enable network traffic logging and monitoring. Configure the logging of both GET and POST requests. In case of infection, the requests made to the attacker\u2019s domain may contain passwords or keys;<\/li>\n<li aria-level=\"1\">Monitor for events associated with VBS execution and PowerShell, then save the logged scripts and commands to an external repository storing activity that may be deleted locally;<\/li>\n<li aria-level=\"1\">Make backups frequently, store them offline, and test them.<\/li>\n<\/ul>\n<p>Friday\u2019s report also includes indicators that organizations can use to determine if they have been targeted by ShrinkLocker.<\/p>\n<p><em>Listing image by <a href=\"https:\/\/www.gettyimages.com\/\">Getty Images<\/a><\/em><\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/35926\/New-Ransomware-Uses-BitLocker-To-Encrypt-Victim-Data.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":56171,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[8989],"class_list":["post-56170","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinemalwarecybercrimecryptography"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>New Ransomware Uses BitLocker To Encrypt Victim Data 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/new-ransomware-uses-bitlocker-to-encrypt-victim-data\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New Ransomware Uses BitLocker To Encrypt Victim Data 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/new-ransomware-uses-bitlocker-to-encrypt-victim-data\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-05-27T15:21:02+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/05\/shrinklocker-01-640x173.png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-ransomware-uses-bitlocker-to-encrypt-victim-data\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-ransomware-uses-bitlocker-to-encrypt-victim-data\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"New Ransomware Uses BitLocker To Encrypt Victim Data\",\"datePublished\":\"2024-05-27T15:21:02+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-ransomware-uses-bitlocker-to-encrypt-victim-data\\\/\"},\"wordCount\":786,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-ransomware-uses-bitlocker-to-encrypt-victim-data\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/05\\\/new-ransomware-uses-bitlocker-to-encrypt-victim-data.png\",\"keywords\":[\"headline,malware,cybercrime,cryptography\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-ransomware-uses-bitlocker-to-encrypt-victim-data\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-ransomware-uses-bitlocker-to-encrypt-victim-data\\\/\",\"name\":\"New Ransomware Uses BitLocker To Encrypt Victim Data 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-ransomware-uses-bitlocker-to-encrypt-victim-data\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-ransomware-uses-bitlocker-to-encrypt-victim-data\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/05\\\/new-ransomware-uses-bitlocker-to-encrypt-victim-data.png\",\"datePublished\":\"2024-05-27T15:21:02+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-ransomware-uses-bitlocker-to-encrypt-victim-data\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-ransomware-uses-bitlocker-to-encrypt-victim-data\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-ransomware-uses-bitlocker-to-encrypt-victim-data\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/05\\\/new-ransomware-uses-bitlocker-to-encrypt-victim-data.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/05\\\/new-ransomware-uses-bitlocker-to-encrypt-victim-data.png\",\"width\":640,\"height\":173},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-ransomware-uses-bitlocker-to-encrypt-victim-data\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,malware,cybercrime,cryptography\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinemalwarecybercrimecryptography\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"New Ransomware Uses BitLocker To Encrypt Victim Data\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"New Ransomware Uses BitLocker To Encrypt Victim Data 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/new-ransomware-uses-bitlocker-to-encrypt-victim-data\/","og_locale":"en_US","og_type":"article","og_title":"New Ransomware Uses BitLocker To Encrypt Victim Data 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/new-ransomware-uses-bitlocker-to-encrypt-victim-data\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2024-05-27T15:21:02+00:00","og_image":[{"url":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/05\/shrinklocker-01-640x173.png","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/new-ransomware-uses-bitlocker-to-encrypt-victim-data\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/new-ransomware-uses-bitlocker-to-encrypt-victim-data\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"New Ransomware Uses BitLocker To Encrypt Victim Data","datePublished":"2024-05-27T15:21:02+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/new-ransomware-uses-bitlocker-to-encrypt-victim-data\/"},"wordCount":786,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/new-ransomware-uses-bitlocker-to-encrypt-victim-data\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/05\/new-ransomware-uses-bitlocker-to-encrypt-victim-data.png","keywords":["headline,malware,cybercrime,cryptography"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/new-ransomware-uses-bitlocker-to-encrypt-victim-data\/","url":"https:\/\/www.threatshub.org\/blog\/new-ransomware-uses-bitlocker-to-encrypt-victim-data\/","name":"New Ransomware Uses BitLocker To Encrypt Victim Data 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/new-ransomware-uses-bitlocker-to-encrypt-victim-data\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/new-ransomware-uses-bitlocker-to-encrypt-victim-data\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/05\/new-ransomware-uses-bitlocker-to-encrypt-victim-data.png","datePublished":"2024-05-27T15:21:02+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/new-ransomware-uses-bitlocker-to-encrypt-victim-data\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/new-ransomware-uses-bitlocker-to-encrypt-victim-data\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/new-ransomware-uses-bitlocker-to-encrypt-victim-data\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/05\/new-ransomware-uses-bitlocker-to-encrypt-victim-data.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/05\/new-ransomware-uses-bitlocker-to-encrypt-victim-data.png","width":640,"height":173},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/new-ransomware-uses-bitlocker-to-encrypt-victim-data\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,malware,cybercrime,cryptography","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinemalwarecybercrimecryptography\/"},{"@type":"ListItem","position":3,"name":"New Ransomware Uses BitLocker To Encrypt Victim Data"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/56170","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=56170"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/56170\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/56171"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=56170"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=56170"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=56170"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}