Share on facebookFacebook
Share on twitterTwitter
The BitLocker ransomware has exploited known vulnerabilities in Microsoft Exchanges, these vulnerabilities became known as ProxyShell, this name was given to the combination of three vulnerabilities: CVE-2021-34473, CVE-2021-34523 and CVE-2021-31207.
BitLocker different from other groups uses a tool of Windows itself to encrypt the files, tool that gives the group its name.
This encryption tactic requires a little more from the group, because it needs to take control of the system through remote access, so it can perform the encryption. Even if the BitLocker program is disabled, the malware executes commands to enable it.
The fact that the group has to control the system remotely is worrying, because it doesn’t just use this “privilege” to activate encryption, through it the malware moves laterally in the system looking for backup systems and domain controllers.
This process is time consuming, it can last a few hours. And when the encryption process is finished all systems are locked down and a ransom note is left on the desktop containing information for the victim to contact the group.
The ransom is charged in cryptocurrencies and can vary according to the size of the company and the amount of files that have been encrypted. The value is usually around the thousands of dollars.
In cases where even the backup is encrypted it may seem that the only way out is to pay the ransom, but know that it is not. Digital Recovery specializes in ransomware encrypted data recovery, we can recover files that have been encrypted by Bitlocker ransomware on any storage device.
Digital Recovery has been in the data recovery market for over two decades, our biggest differentiator has always been our ability to develop innovative technologies. This has always kept us at the forefront of the market.
All our processes are unique and have been developed based on the General Data Protection Regulation (GDPR). We can recover data from HDDs, SSDs, Databases, Storages, Virtual Machines, RAID systems and more.
We can recover data anywhere in the world through remote recovery, this recovery is done in a totally secure environment. During the entire process the customer is accompanied by one of our specialists.
We provide all our customers with a confidentiality agreement (NDA), all information about the processes and files recovered are kept confidential.
Contact our specialists and start the recovery process right now.