Novel Mimic ransomware strain detailed
English- and Russian-speaking Windows users are being targeted by the novel Mimic ransomware, which abuses the APIs of the Everything file search tool to identify the files it will encrypt, reports BleepingComputer.
Attacks with Mimic ransomware, which is similar to Conti ransomware, begin with an email-distributed executable that extracts the primary payload along with other files and tools for deactivating Windows Defender, according to a Trend Micro report.
Deploying the "Everything32.dll" payload lets Mimic use the filename search engine to find files that can be encrypted while avoiding those whose encryption could leave the system unbootable. Aside from collecting system information and establishing persistence through the Run key, Mimic ransomware can also deactivate Windows telemetry, evade User Account Control, enable anti-shutdown and anti-kill measures, terminate processes and services, and omit indicators, among other capabilities.
While Mimic activity has yet to be proven, the ransomware strain's use of the Conti builder and the Everything API suggests the skill of the attackers behind the operation.