Conti Source Code & Everything API Employed by Mimic Ransomware

Security researchers have identified a new ransomware variant, Mimic, which uses the APIs of the Windows ‘Everything’ file-search tool to enumerate the files it will encrypt.
Since it was first observed in June 2022, the malware has been seen “deleting shadow copies, terminating several apps and services, and abusing Everything32.dll methods to query target files that are to be encrypted.”
What is Mimic ransomware?
Mimic’s ransomware payload is contained in a password-protected archive that is presented as Everything64.dll and dropped by the Mimic executable alongside other components. It additionally contains tools for disabling legitimate sdel binaries and Windows Defender.
Mimic is a flexible strain of ransomware: command-line options let it target specific files, and multi-threaded encryption lets it encrypt data more quickly. The victim of a Mimic ransomware attack first receives an executable, most likely via email. This executable drops four files onto the target machine, including the primary payload, auxiliary files, and the tools that turn off Windows Defender.
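The behaviour described above, a non-Everything process loading the legitimate Everything DLLs to drive its file enumeration, is something an image-load heuristic can surface. The following is an added example, not code from the article, from the researchers it cites, or from Voidtools: it scores Sysmon-style image-load records (the `Image` and `ImageLoaded` fields) and flags Everything32.dll or Everything64.dll when the loading process is not Everything.exe or the DLL lives outside a trusted install directory. The trusted paths and the sample events are constructed assumptions; the DLL names come from the article.

```python
"""Heuristic detection of Everything DLL abuse (added example, not from the article).

Input records mimic Sysmon Event ID 7 (image load). Everything's DLLs are
legitimate, so the signal is *who* loads them and *from where*, not the load
itself. All sample data below is constructed for illustration.
"""
from dataclasses import dataclass
from pathlib import PureWindowsPath

# DLL names taken from the article; Mimic ships Everything64.dll alongside its payload.
EVERYTHING_DLLS = {"everything32.dll", "everything64.dll"}

# Assumption: default Everything install locations. Adjust for your estate.
TRUSTED_DLL_DIRS = {
    r"c:\program files\everything",
    r"c:\program files (x86)\everything",
}
# Assumption: only the Everything search client itself should load these DLLs.
TRUSTED_LOADERS = {"everything.exe"}


@dataclass
class ImageLoadEvent:
    process_image: str  # Sysmon 'Image': the process that loaded the module
    image_loaded: str   # Sysmon 'ImageLoaded': full path of the loaded DLL


def suspicious_everything_load(ev: ImageLoadEvent):
    """Return a reason string if the event looks like DLL abuse, else None."""
    dll = PureWindowsPath(ev.image_loaded)
    if dll.name.lower() not in EVERYTHING_DLLS:
        return None  # not one of the Everything DLLs; nothing to judge
    loader = PureWindowsPath(ev.process_image)
    reasons = []
    if loader.name.lower() not in TRUSTED_LOADERS:
        reasons.append(f"loaded by non-Everything process {loader.name}")
    if str(dll.parent).lower() not in TRUSTED_DLL_DIRS:
        reasons.append(f"DLL outside trusted install dir: {dll.parent}")
    return "; ".join(reasons) or None


def scan(events):
    """Return (process_image, reason) pairs for every flagged event."""
    hits = []
    for ev in events:
        reason = suspicious_everything_load(ev)
        if reason:
            hits.append((ev.process_image, reason))
    return hits


# Constructed sample telemetry: one benign Everything load, one payload-style
# load from a user-writable directory, one unrelated DLL load.
SAMPLE_EVENTS = [
    ImageLoadEvent(
        r"C:\Program Files\Everything\Everything.exe",
        r"C:\Program Files\Everything\Everything64.dll",
    ),
    ImageLoadEvent(
        r"C:\Users\victim\AppData\Local\Temp\invoice.exe",
        r"C:\Users\victim\AppData\Local\Temp\Everything64.dll",
    ),
    ImageLoadEvent(
        r"C:\Windows\System32\notepad.exe",
        r"C:\Windows\System32\kernel32.dll",
    ),
]

if __name__ == "__main__":
    for image, reason in scan(SAMPLE_EVENTS):
        print(f"ALERT {image}: {reason}")
```

Only the second constructed event is reported, on both counts: the loader is not Everything.exe and the DLL was loaded from a temp directory. In a real pipeline the same check sits well beside shadow-copy deletion and service-termination detections, since the article lists all three behaviours together.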
The popular Windows filename search engine ‘Everything’ was created by Voidtools. The tool supports real-time updates and is lightweight an

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
