Detection of a new ransomware strain targeting the Windows search engine
Security researchers at Trend Micro have just announced a new strain of ransomware that abuses the application programming interface of a third-party Windows search engine called Everything to encrypt the target system.
Named Mimic, this ransomware strain primarily targets Russian- and English-speaking users. It possesses the following malicious capabilities:
- Collect system information
- Bypass User Account Control (UAC)
- Disable Windows Defender
- Disable Windows telemetry
- Enable anti-shutdown measures
- Remove the virtual drive
- Terminate processes and services
- Disable sleep mode and shut down the system
- Remove indexes
- Prevent system recovery
A ransomware attack begins when the victim receives an executable file containing malicious code via email. When launched, it extracts four more files onto the target system (shown above), including the main payload, additional supporting files, and a tool to disable Windows Defender.
Once the malicious files are extracted, Mimic immediately abuses Everything's search capabilities through the 'Everything32.dll' file to locate specific file names and extensions on the compromised system. This lets the ransomware identify files that can be encrypted while avoiding files that could crash the system if locked. This selective targeting is one of the more sophisticated mechanisms of this ransomware strain.
Finally, Mimic will add the .QUIETPLACE extension to the encrypted files and display a ransom note to the victim. The malware demands a ransom to be paid in Bitcoin, calculated based on the number of encrypted files.
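The two observable behaviours described above, an unexpected process loading Everything32.dll and files being renamed with the .QUIETPLACE extension, are exactly what a defender can look for. The script below is an added example and is not Trend Micro's code; the log record layout, the sample image-load events and the allowlist of processes that legitimately load the Everything DLL are all constructed assumptions, while the DLL name and file extension come from the article.

```python
"""Two lightweight detections for the Mimic behaviour described in the article.

Added example, not Trend Micro's code. Assumptions (not from the article):
the image-load record format below is constructed, and the allowlist of
processes that legitimately load Everything32.dll is hypothetical.
"""
import ntpath       # handles Windows-style paths even when run on another OS
import os
import tempfile

# Indicators taken from the write-up.
EVERYTHING_DLL = "everything32.dll"
MIMIC_EXTENSION = ".quietplace"

# Hypothetical allowlist: the Everything search tool itself is expected to load its DLL.
KNOWN_EVERYTHING_HOSTS = {"everything.exe"}


def suspicious_dll_loads(records):
    """Return records where a process outside the allowlist loads Everything32.dll.

    Each record is a dict with 'process' (full image path) and 'image_loaded' (DLL path).
    """
    hits = []
    for rec in records:
        dll = ntpath.basename(rec.get("image_loaded", "")).lower()
        proc = ntpath.basename(rec.get("process", "")).lower()
        if dll == EVERYTHING_DLL and proc not in KNOWN_EVERYTHING_HOSTS:
            hits.append(rec)
    return hits


def count_quietplace_files(root):
    """Walk a directory tree and count files carrying the .QUIETPLACE extension."""
    count = 0
    for _dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(MIMIC_EXTENSION):
                count += 1
    return count


# Constructed sample telemetry (image-load events), not real logs.
SAMPLE_IMAGE_LOADS = [
    {"process": r"C:\Program Files\Everything\Everything.exe",
     "image_loaded": r"C:\Program Files\Everything\Everything32.dll"},
    {"process": r"C:\Users\victim\AppData\Local\Temp\payload.exe",   # placeholder name
     "image_loaded": r"C:\Users\victim\AppData\Local\Temp\Everything32.dll"},
    {"process": r"C:\Windows\explorer.exe",
     "image_loaded": r"C:\Windows\System32\shell32.dll"},
]


def demo_quietplace_scan():
    """Build a temporary tree of constructed files and count the encrypted-looking ones."""
    with tempfile.TemporaryDirectory() as tmp:
        sub = os.path.join(tmp, "docs")
        os.makedirs(sub)
        for name in ("report.docx.QUIETPLACE", "photo.jpg.QUIETPLACE", "notes.txt"):
            with open(os.path.join(sub, name), "w") as fh:
                fh.write("constructed sample content")
        return count_quietplace_files(tmp)


if __name__ == "__main__":
    for hit in suspicious_dll_loads(SAMPLE_IMAGE_LOADS):
        print("ALERT: unexpected Everything32.dll load by", hit["process"])
    print("files with .QUIETPLACE extension in sample tree:", demo_quietplace_scan())
```

In a real deployment the image-load records would come from endpoint telemetry rather than an inline list, and the allowlist would be maintained per environment; the point of the example is that both indicators are cheap to check and do not depend on a signature for the payload itself.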
To protect your computer from ransomware attacks in general and Mimic in particular, always exercise caution when opening unsolicited emails and attachments, and limit access to potentially malicious websites. Also, make sure your security programs are up to date so they can properly detect and remove ransomware. Finally, make it a habit to back up important files to external storage such as flash drives, hard drives, or the cloud. This way, even if ransomware encrypts your data, you can still easily restore everything you need from the backup.