Detection of a new ransomware strain targeting the Windows search engine
Security researchers at Trend Micro have just announced a new strain of ransomware that abuses the application programming interface of a third-party Windows search engine called Everything to encrypt the target system.
Named Mimic, this ransomware strain primarily targets Russian and English-speaking users. It possesses the following malicious capabilities:
- Collect system information
- Bypass User Account Control (UAC)
- Disable Windows Defender
- Disable Windows telemetry
- Activate anti-shutdown measures
- Unmount virtual drives
- Terminate processes and services
- Disable sleep mode and system shutdown
- Remove indicators of its own activity
- Inhibit system recovery
(Picture 1: the files dropped by the initial executable)
A Mimic attack begins when the victim receives an executable containing malicious code by email. When launched, it drops four more files onto the target system (shown above): the main payload, supporting files, and a tool that disables Windows Defender.
Once these files are extracted, Mimic calls Everything's search API through the bundled 'Everything32.dll' to query the compromised system for specific file names and extensions. This lets the ransomware enumerate the files worth encrypting quickly while skipping those that could crash the system if they were locked. Reusing a legitimate, fast search tool for this targeting step is the distinctive trait of the strain.
Finally, Mimic appends the .QUIETPLACE extension to each encrypted file and displays a ransom note. The note demands payment in Bitcoin, with the amount calculated from the number of encrypted files.
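The two behaviours described above, loading the Everything search library from a non-Everything process and mass-writing files with the .QUIETPLACE extension, are both observable in endpoint telemetry. The following is an added detection example written for this article, not code from Trend Micro or from the Everything project; it runs over constructed Sysmon-style events (the process names, PIDs, paths and the burst threshold of five files are assumptions for the demonstration).

```python
"""Added detection example for the Mimic tradecraft described above. It is not
code from the page or from Trend Micro, and the events below are constructed
for the demonstration. Two signals are checked over Sysmon-style events:

  1. Everything32.dll / Everything64.dll loaded by a process that is not
     Everything.exe (Event ID 7, image load), and
  2. one process writing a burst of files with the .QUIETPLACE extension
     (Event ID 11, file create).
"""
from collections import Counter

EVERYTHING_DLLS = {"everything32.dll", "everything64.dll"}
LEGIT_EVERYTHING_HOST = "everything.exe"
RANSOM_EXTENSION = ".quietplace"
# Assumption for the example: five or more ransom-extension files written by
# one process is treated as a burst worth alerting on.
BURST_THRESHOLD = 5

# Constructed sample events, loosely modelled on Sysmon Event ID 7 (image load)
# and Event ID 11 (file create). Process names, PIDs and paths are made up.
SAMPLE_EVENTS = [
    {"EventID": 7, "ProcessId": 4120,
     "Image": r"C:\Users\bob\AppData\Local\Temp\invoice.exe",
     "ImageLoaded": r"C:\Users\bob\AppData\Local\Temp\Everything32.dll"},
    {"EventID": 7, "ProcessId": 2212,
     "Image": r"C:\Program Files\Everything\Everything.exe",
     "ImageLoaded": r"C:\Program Files\Everything\Everything64.dll"},
    {"EventID": 7, "ProcessId": 4120,
     "Image": r"C:\Users\bob\AppData\Local\Temp\invoice.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
]
# Six encrypted documents from the suspicious process, one ordinary write
# from an unrelated process.
SAMPLE_EVENTS += [
    {"EventID": 11, "ProcessId": 4120,
     "Image": r"C:\Users\bob\AppData\Local\Temp\invoice.exe",
     "TargetFilename": rf"C:\Users\bob\Documents\report{i}.docx.QUIETPLACE"}
    for i in range(6)
]
SAMPLE_EVENTS.append(
    {"EventID": 11, "ProcessId": 1508,
     "Image": r"C:\Windows\System32\notepad.exe",
     "TargetFilename": r"C:\Users\bob\Documents\notes.txt"})


def basename(path):
    """Lower-cased final path component; tolerates both slash styles."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def suspicious_everything_loads(events):
    """Return (pid, image, dll) for Everything DLL loads outside Everything.exe."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 7:
            continue
        dll = basename(ev["ImageLoaded"])
        if dll in EVERYTHING_DLLS and basename(ev["Image"]) != LEGIT_EVERYTHING_HOST:
            hits.append((ev["ProcessId"], ev["Image"], dll))
    return hits


def ransom_extension_bursts(events, threshold=BURST_THRESHOLD):
    """Map pid -> number of .QUIETPLACE files written, for pids at/over threshold."""
    counts = Counter()
    for ev in events:
        if ev.get("EventID") == 11 and basename(ev["TargetFilename"]).endswith(RANSOM_EXTENSION):
            counts[ev["ProcessId"]] += 1
    return {pid: n for pid, n in counts.items() if n >= threshold}


def triage(events):
    """Combine both signals: every pid flagged by either rule, with the reasons."""
    reasons = {}
    for pid, image, dll in suspicious_everything_loads(events):
        reasons.setdefault(pid, []).append(f"{basename(image)} loaded {dll}")
    for pid, n in ransom_extension_bursts(events).items():
        reasons.setdefault(pid, []).append(f"{n} files written with {RANSOM_EXTENSION}")
    return reasons


if __name__ == "__main__":
    for pid, why in triage(SAMPLE_EVENTS).items():
        print(f"PID {pid}: " + "; ".join(why))
```

The DLL-load rule is the earlier and more useful of the two, since it fires during the enumeration phase before files are encrypted; the extension burst confirms that encryption has started. Against real Sysmon data the same logic applies to the parsed Image, ImageLoaded and TargetFilename fields, and the whitelist should be extended with any legitimate software in the environment that bundles the Everything SDK.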
To protect your computer from ransomware in general and Mimic in particular, treat unexpected emails and attachments with caution, and limit access to potentially malicious websites. Keep your security software up to date so it can detect and remove ransomware properly. Finally, make a habit of backing up important files to external storage such as flash drives, hard drives, or the cloud, and disconnect that storage once the backup is done: a drive that stays attached is encrypted along with everything else. With an offline copy, you can restore what you need even if ransomware locks your data.