    New ransomware strain exploits Windows search tool Everything

    alf9872000
    Security researchers at Trend Micro have discovered a new ransomware strain that abuses the application programming interfaces of a third-party Windows search engine tool called Everything.


    The ransomware, which Trend Micro named Mimic, targets Russian- and English-speaking users. It has the following capabilities:


    • Collecting system information
    • Bypassing User Account Control (UAC)
    • Disabling Windows Defender
    • Disabling Windows telemetry
    • Activating anti-shutdown measures
    • Activating anti-kill measures
    • Unmounting virtual drives
    • Terminating processes and services
    • Disabling sleep mode and shutdown of the system
    • Removing indicators
    • Preventing system recovery
    [Image: via Trend Micro]

    The ransomware attack starts when a victim receives an executable file likely via email. When launched, the file then extracts four more files on the target system (shown above), including the primary payload, supplementary files, and tools to disable Windows Defender.


    After the files are extracted, Mimic exploits Everything's search capabilities by using the Everything32.dll file to look for specific file names and extensions on the compromised system. This enables the ransomware to identify encryptable files and avoid those that can render the system unusable if locked.

    [Image: via Trend Micro]

    Finally, Mimic will append the .QUIETPLACE extension to the encrypted files and display a ransom note. The ransom demand, which must be paid in Bitcoin, is calculated based on the number of encrypted files.
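The two observable traits described above, the Everything SDK DLL being loaded by something other than the Everything client itself, and files being written with the .QUIETPLACE extension, can be turned into simple detection logic. The following Python is an added example, not code from the article or from Trend Micro. The event lines are constructed for this example in a simplified key=value form modelled on Sysmon Event ID 7 (image load) and Event ID 11 (file create); the process and path names are invented, and the allow-list of expected loaders and the rename threshold are assumptions to tune per environment.

```python
# Added detection example (not from the article or Trend Micro): flag the
# Everything SDK DLL being loaded by a process other than the Everything
# client, and a burst of files created with the .QUIETPLACE extension.
# Event lines are constructed in a simplified key=value form modelled on
# Sysmon Event ID 7 (ImageLoaded) and Event ID 11 (FileCreate); they are
# not real telemetry.
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

EVERYTHING_DLLS = {"everything32.dll", "everything64.dll"}
# Assumption: in this environment only the Everything client itself should
# load its SDK DLL. Adjust to the software actually deployed.
EXPECTED_LOADERS = {"everything.exe"}
RANSOM_EXT = ".quietplace"
RENAME_THRESHOLD = 3  # .QUIETPLACE files from one process before alerting (assumed)


@dataclass
class Finding:
    rule: str
    detail: str


def parse_event(line: str) -> Dict[str, str]:
    """Split 'Key=value Key2=value with spaces' into a dict.

    Values may contain spaces (e.g. 'C:\\Program Files'), so a value runs
    until the next ' Key=' token or the end of the line.
    """
    return dict(re.findall(r"(\w+)=(.*?)(?=\s+\w+=|$)", line))


def basename(path: str) -> str:
    """Last path component, lower-cased for case-insensitive comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def detect(lines: List[str]) -> List[Finding]:
    findings: List[Finding] = []
    renames: Counter = Counter()  # process -> count of .QUIETPLACE files created
    for line in lines:
        ev = parse_event(line)
        proc = basename(ev.get("Image", ""))
        if ev.get("EventID") == "7":
            dll = basename(ev.get("ImageLoaded", ""))
            if dll in EVERYTHING_DLLS and proc not in EXPECTED_LOADERS:
                findings.append(Finding("everything_sdk_unexpected_loader",
                                        f"{proc} loaded {dll}"))
        elif ev.get("EventID") == "11":
            if ev.get("TargetFilename", "").lower().endswith(RANSOM_EXT):
                renames[proc] += 1
    for proc, n in renames.items():
        if n >= RENAME_THRESHOLD:
            findings.append(Finding("quietplace_mass_rename",
                                    f"{proc} created {n} {RANSOM_EXT} files"))
    return findings


# Constructed sample events: one legitimate SDK load, one suspicious load from
# a temp-directory executable, three .QUIETPLACE creations, and a benign create.
SAMPLE_EVENTS = [
    r"EventID=7 Image=C:\Program Files\Everything\Everything.exe ImageLoaded=C:\Program Files\Everything\Everything32.dll",
    r"EventID=7 Image=C:\Users\alice\AppData\Local\Temp\payload.exe ImageLoaded=C:\Users\alice\AppData\Local\Temp\Everything32.dll",
    r"EventID=11 Image=C:\Users\alice\AppData\Local\Temp\payload.exe TargetFilename=C:\Users\alice\Documents\report.docx.QUIETPLACE",
    r"EventID=11 Image=C:\Users\alice\AppData\Local\Temp\payload.exe TargetFilename=C:\Users\alice\Documents\budget.xlsx.QUIETPLACE",
    r"EventID=11 Image=C:\Users\alice\AppData\Local\Temp\payload.exe TargetFilename=C:\Users\alice\Pictures\holiday.jpg.QUIETPLACE",
    r"EventID=11 Image=C:\Windows\explorer.exe TargetFilename=C:\Users\alice\Documents\notes.txt",
]

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"[{f.rule}] {f.detail}")
```

Run stand-alone it reports the suspicious DLL load and the mass rename for the constructed events. In a real deployment the loader allow-list has to include any software that legitimately embeds the Everything SDK, and the rename threshold should sit well above normal file-creation rates so that a single stray file does not page anyone.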


    To protect your computer from ransomware attacks, always be cautious when opening unsolicited emails and attachments, and refrain from visiting potentially malicious sites. Make sure as well that your security programs are always updated so they can properly detect and remove ransomware. Finally, make it a habit to back up your files on an external storage system like a flash drive, hard drive, or the cloud. This way, even if ransomware encrypts your files, you can easily recover from a backup.

