New ransomware group abusing BitLocker
Essential information
- Published: 23/05/2024 14:49
- Modified: 23/05/2024 15:24
- Tags: 2024-05-23, bitlocker, encryption, exfiltration, partitions, ransomware, trojan-ransom.vbs.bitlock.gen, trojan.vbs.sagent.gen, trojan.win32.generic
- Related entities: 1 vulnerability (CVE), 6 observables, 9 techniques (MITRE), 3 malware, 3 others
Description
The report examines an incident where threat actors leveraged Microsoft's BitLocker encryption utility to deploy unauthorized file encryption on targeted systems. The adversaries employed a sophisticated VBScript that resized disk partitions, modified registry entries, enabled BitLocker with randomized encryption keys, and exfiltrated the keys to a command-and-control server. The analysis provides insights into the malware's tactics, techniques, procedures, artifacts, and potential recovery methods, highlighting the creative abuse of legitimate system features by cybercriminals.