ShrinkLocker: Ransomware Exploits BitLocker for Drive Encryption

Threat Level – Red | Vulnerability Report
Download PDF


ShrinkLocker is a new ransomware strain that exploits Microsoft’s BitLocker to encrypt entire drives, using a VBScript to shrink partitions and create new boot volumes. It disables Remote Desktop Protocol (RDP) and modifies registry settings to enforce encryption, making detection difficult. Instead of a ransom note, it embeds the attacker’s contact email in the boot partition labels, and deletes BitLocker protectors to prevent recovery.

Threat Level – Red | Attack Report

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox