Ransomware BitLocker

The BitLocker ransomware has exploited known vulnerabilities in Microsoft Exchange, these vulnerabilities became known as ProxyShell, this name was given to the combination of three vulnerabilities: CVE-2021-34473, CVE-2021-34523 and CVE-2021-31207.

Unlike other groups, BitLocker uses a tool from Windows itself to encrypt the files, a tool that gives the group its name.

This encryption tactic requires a bit more from the group, because it needs to take control of the system through remote access, so that it can perform the encryption. Even if the BitLocker program is disabled, the malware executes commands to enable it.

The fact that the group has to control the system remotely is of concern, because it does not just use this “privilege” to activate encryption, through this the malware moves laterally in the system looking for backup systems and domain controllers.

This process is time consuming, it can last a few hours. And when the encryption process is finished all systems are locked down and a ransom note is left on the desktop containing information for the victim to contact the group.

The ransom is charged in cryptocurrencies and can vary according to the size of the company and the amount of files that have been encrypted. The amount is usually around the thousands of dollars.

In cases where even the backup is encrypted it may seem that the only way out is to pay the ransom, but that is not. Digital Recovery specializes in ransomware encrypted data recovery, we can recover files that have been encrypted by Bitlocker ransomware on any storage device.

Recover Files Encrypted by BitLocker Ransomware

Digital Recovery has been in the data recovery market for over two decades, our biggest advantage has always been our ability to develop innovative technologies. This has always kept us at the forefront of the market.

We can recover data from HDDs, SSDs, Databases, Storages, Virtual Machines, RAID systems, and more.

We can recover data anywhere in the world via remote recovery, and this recovery is done in a totally secure environment. During the entire process, the client is followed by one of our specialists.

We provide all of our customers with a non-disclosure agreement (NDA), so all information about the processes and files recovered is kept confidential.

Contact our specialists and start the recovery process right now.

We are always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

AtomSilo Ransomware

Ransomware AtomSilo

The AtomSilo ransomware emerged in September 2021, the group acts a little differently than other ransomware groups, the ransom amount is fixed, $1 million is

Khonsari Ransomware

Khonsari Ransomware

The Khonsari ransomware was the first group to exploit known Apache Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45046), the group has focused its attacks on Windows servers that


Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.