This devious ransomware hijacks the Windows Everything search tool


Cybersecurity firm Trend Micro has published details of a new ransomware family it found abusing the Windows “Everything” search tool to attack English- and Russian-speaking Windows users.

First observed in June 2022, the malware has “deleted shadow copies, terminated multiple applications and services, and misused Everything32.dll functions to search target files to be encrypted”.
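The behaviours quoted above (shadow-copy deletion and use of the Everything library from a process that is not Everything itself) are the observable side of the attack, and they are what an endpoint detection rule can key on. The following is an added detection example, not code from Trend Micro or from the article: it runs two checks over a constructed set of Sysmon-like process-creation and image-load events. The event field names, the expected Everything install directory, and the `vssadmin`/`wmic` shadow-copy command patterns are assumptions drawn from general Windows administration knowledge, not from the article.

```python
import ntpath
import re

# Command-line patterns commonly associated with deleting Volume Shadow Copies.
# Assumption: these are general knowledge, not quoted from the article.
SHADOW_DELETE_PATTERNS = [
    re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.IGNORECASE),
    re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\s+delete\b", re.IGNORECASE),
]

# The article names Everything32.dll (and an archive disguised as Everything64.dll).
EVERYTHING_DLLS = {"everything32.dll", "everything64.dll"}
# Assumption: where a legitimate Everything install would keep its files.
EXPECTED_EVERYTHING_DIR = r"C:\Program Files\Everything"
EXPECTED_EVERYTHING_HOST = "everything.exe"


def is_shadow_copy_deletion(cmdline: str) -> bool:
    """True if a process command line matches a shadow-copy deletion pattern."""
    return any(p.search(cmdline) for p in SHADOW_DELETE_PATTERNS)


def is_unexpected_everything_load(image: str, loaded: str) -> bool:
    """True if an Everything DLL is loaded by a process other than Everything.exe,
    or from a directory other than the expected install directory."""
    dll_name = ntpath.basename(loaded).lower()
    if dll_name not in EVERYTHING_DLLS:
        return False
    host_name = ntpath.basename(image).lower()
    in_expected_dir = ntpath.dirname(loaded).lower() == EXPECTED_EVERYTHING_DIR.lower()
    return host_name != EXPECTED_EVERYTHING_HOST or not in_expected_dir


def detect(events):
    """Return (index, reason, image, detail) for every event that trips a rule."""
    findings = []
    for i, ev in enumerate(events):
        if ev["type"] == "process_create" and is_shadow_copy_deletion(ev["cmdline"]):
            findings.append((i, "shadow copy deletion", ev["image"], ev["parent"]))
        elif ev["type"] == "image_load" and is_unexpected_everything_load(ev["image"], ev["loaded"]):
            findings.append((i, "Everything DLL loaded outside expected host/path", ev["image"], ev["loaded"]))
    return findings


# Constructed sample telemetry in a Sysmon-like shape (not real data).
SAMPLE_EVENTS = [
    {"type": "process_create", "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin delete shadows /all /quiet",
     "parent": r"C:\Users\alice\Downloads\update.exe"},
    {"type": "image_load", "image": r"C:\Users\alice\Downloads\update.exe",
     "loaded": r"C:\Users\alice\AppData\Local\Temp\Everything32.dll"},
    {"type": "image_load", "image": r"C:\Program Files\Everything\Everything.exe",
     "loaded": r"C:\Program Files\Everything\Everything32.dll"},
    {"type": "process_create", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe notes.txt", "parent": r"C:\Windows\explorer.exe"},
    {"type": "process_create", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic shadowcopy delete",
     "parent": r"C:\Users\alice\Downloads\update.exe"},
]

if __name__ == "__main__":
    for idx, reason, image, detail in detect(SAMPLE_EVENTS):
        print(f"event {idx}: {reason}: {image} -> {detail}")
```

The legitimate Everything load (event 2) is left alone, while the shadow-copy deletions and the Everything32.dll loaded from a Temp directory by an unrelated executable are flagged; in a real deployment the parent-process field is what turns the first rule from a noisy backup-maintenance alert into a useful one.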

The researchers also found that some of the code is shared with the infamous Conti ransomware, which leaked in early 2022 following a large number of high-profile attacks.

Mimic Windows everything

Trend Micro has named the ransomware “Mimic”, which it says is based on a string it found in its binaries.

It notes that Mimic arrives on an affected user’s computer as an executable file (the delivery method, whether email, download or otherwise, is not confirmed) which contains “multiple binaries and a password-protected archive (disguised as Everything64.dll)”.

The findings indicate that the attack consists largely of legitimate files, but one file contains the malicious payloads.

Trend Micro says the combination of multiple running threads and the way the ransomware exploits Everything’s APIs allows it to run with minimal resource usage, resulting in more efficient execution and a faster attack.

The solution? As always, the company believes a multi-layered approach will provide the best security, including applying data protection measures, maintaining backup and recovery, conducting regular vulnerability assessments, and patching systems as security updates become available.

There is also a slew of software designed to prevent and handle attacks against personal and business computers for an extra layer of protection.
