Microsoft Windows Hit with New Ransomware Vulnerability, Puts Millions at Risk

Microsoft Windows 10 is facing a new ransomware vulnerability that could put millions of users and businesses at risk.

Cybersecurity firm Kaspersky reported on Friday a surge in threat actors repurposing operating system encryptors to transfer malware into computers and steal decryption keys.

According to Kaspersky, the exploit was made possible by abusing the Windows system's BitLocker feature, the built-in safety net to prevent hackers from reading or modifying data.

The exploit hinges on the BitLocker improvements Microsoft first rolled out in Windows 10, manipulating the cipher texts that supposedly protect users from such attacks.

The threat actors then compress the malware in BitLocker's texts, allowing hackers to easily transfer large volumes of malware onto people's computers.

As of writing, the exploit, dubbed "ShrinkLocker," has already been reported as being used in Mexico, Indonesia, and Jordan.

It is uncertain whether the exploit has already appeared in the US. Windows 10 remains the most commonly used Windows system in Microsoft's catalog, accounting for 67.23% of Microsoft's overall users.

Windows Vulnerabilities Highlight Safety Concerns on Microsoft

The "ShrinkLocker" exploit was not the first time Microsoft's BitLocker was used to breach Windows computers.

Microsoft reported a similar exploit in 2022 that Iranian-backed ransomware groups used to target foreign adversaries and vulnerable targets.

Reports of the exploit come in as Microsoft faces federal scrutiny following multiple data breaches resulting in the company's source code getting accessed.

Data Privacy Concerns for Windows 11 Mount Up

While upgrading to Windows 11 might seem a much safer option, safety and data privacy concerns are also becoming more evident on the latest operating system.

AI experts have recently spoken out against one of the features Microsoft introduced to Windows as part of integrating its Copilot chatbot into PCs.

The criticized feature is the "Recall" function, which allows the Copilot AI to remember "what you have seen or done on your PC" a la photographic memory.

Microsoft claimed that all data collected by the AI will remain in the computer's offline storage.

Given Microsoft's history of protecting its users' data, people and safety experts are hesitant about the technology's security.

© 2024 iTech Post All rights reserved. Do not reproduce without permission.
