Cybersecurity company Trend Micro has published details on a new breed of ransomware that abuses the “Everything” Windows search tool to attack English- and Russian-speaking Windows users.
The malware was first observed in June 2022 and has “deleted shadow copies, terminated several applications and services and abused Everything32.dll functions to query target files to be encrypted”.
The researchers also found that some of the code is shared with the notorious Conti ransomware, which was leaked in early 2022 after a series of high-profile attacks.
Mimic Windows Everything
Trend Micro has named the ransomware “Mimic”, reportedly after a string of characters found in its binaries.
It notes that Mimic arrives on an affected user’s computer as an executable (it is not confirmed whether this happens via email, download or some other route) that drops “several binaries and a password-protected archive (disguised as Everything64.dll)”.
Trend Micro’s analysis shows that most of the dropped files are legitimate; one file contains the malicious payloads.
According to Trend Micro, this combination of multiple running threads and the way it abuses Everything’s APIs allows Mimic to run with minimal resource consumption, making the attack more efficient.
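One defensive check that follows from the disguised-archive detail above is to compare what a file’s extension claims against the magic bytes at its start: a genuine DLL is a PE image and begins with “MZ” followed by a valid “PE\0\0” signature, whereas a 7-Zip, ZIP or RAR archive does not. The script below is an added example written for this article, not code from Trend Micro or from the Mimic analysis; the file name Everything64.dll comes from the report, the magic-byte table holds the standard signatures of those archive formats, and the sample files it inspects are constructed in a temporary directory.

```python
"""Flag files named *.dll whose contents are not a PE image (e.g. an archive).

Added example, not Trend Micro's code. Compares the extension a file claims
against its leading bytes; a .dll that turns out to be a 7z/zip/rar archive
is reported as suspicious.
"""
import os
import struct
import tempfile

# Standard leading-byte signatures of common archive formats.
ARCHIVE_MAGICS = {
    b"PK\x03\x04": "zip",
    b"7z\xbc\xaf\x27\x1c": "7z",
    b"Rar!\x1a\x07": "rar",   # prefix shared by RAR 1.5 and RAR 5 signatures
}


def classify(data: bytes) -> str:
    """Return 'pe', an archive name, 'mz-only' or 'unknown' from leading bytes."""
    for magic, name in ARCHIVE_MAGICS.items():
        if data.startswith(magic):
            return name
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # A PE image stores the offset of its 'PE\0\0' signature at 0x3C.
        pe_off = struct.unpack_from("<I", data, 0x3C)[0]
        if data[pe_off:pe_off + 4] == b"PE\x00\x00":
            return "pe"
        return "mz-only"   # DOS stub without a PE header: also worth a look
    return "unknown"


def check_dll(path: str) -> dict:
    """Classify one file claiming to be a DLL; anything but 'pe' is suspicious."""
    with open(path, "rb") as fh:
        head = fh.read(4096)      # the headers we need sit in the first KiB
    kind = classify(head)
    return {"path": path, "kind": kind, "suspicious": kind != "pe"}


def scan_directory(root: str) -> list:
    """Check every *.dll under root (case-insensitive) and return the findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".dll"):
                findings.append(check_dll(os.path.join(dirpath, name)))
    return findings


def fake_pe() -> bytes:
    """Constructed minimal PE-looking header used as the 'legitimate' sample."""
    hdr = bytearray(0x44)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)   # e_lfanew -> 0x40
    hdr[0x40:0x44] = b"PE\x00\x00"
    return bytes(hdr)


def demo() -> list:
    """Build a constructed drop folder and return the names flagged as suspicious."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "legit.dll": fake_pe(),                                # real-looking DLL
            "Everything64.dll": b"7z\xbc\xaf\x27\x1c" + b"\x00" * 32,  # archive in disguise
            "notes.txt": b"not a dll, ignored by the scan",
        }
        for name, content in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(content)
        flagged = [os.path.basename(f["path"]) for f in scan_directory(root) if f["suspicious"]]
    return sorted(flagged)


if __name__ == "__main__":
    for name in demo():
        print("suspicious DLL (not a PE image):", name)
```

The check is deliberately cheap so it can run over a whole drop folder; a full PE parser would catch more, but a .dll whose first bytes are an archive signature needs no further parsing to justify a closer look.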
The solution? As always, the company believes that a layered approach offers the best security: applying data protection, backup and recovery measures, conducting regular vulnerability assessments, and patching systems as security updates become available.
There is also a whole range of software designed to prevent and mitigate attacks on home and business computers, which can provide an extra layer of protection.