Novel Mimic ransomware strain detailed

English- and Russian-speaking Windows users are being targeted by the novel Mimic ransomware, which leverages the APIs of the Everything file search tool to identify the files it will encrypt, reports BleepingComputer. Attacks with Mimic ransomware, which is similar to Conti ransomware, begin with an email-distributed executable that extracts the primary payload along with other files and tools for deactivating Windows Defender, according to a Trend Micro report. Deployment of the "Everything32.dll" payload lets Mimic use the filename search engine's capabilities to select files to encrypt while avoiding those whose encryption could leave the system unbootable. Aside from collecting system information and establishing persistence through the RUN key, Mimic ransomware can also deactivate Windows telemetry, bypass User Account Control, enable anti-shutdown and anti-kill measures, terminate processes and services, and remove indicators, among other capabilities. While Mimic activity has yet to be proven, the strain's use of the Conti builder and the Everything API suggests the skill of the attackers behind the operation.
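As an added illustration from the defender's side (example code, not from the Trend Micro report or BleepingComputer), the Python script below runs two triage rules over constructed, Sysmon-like event records that correspond to the behaviours described above: a copy of Everything32.dll being loaded by a process other than the search tool itself, and a Run key value that points at a user-writable location. The event layout, process names and file paths are assumptions made for the example.

```python
"""Triage constructed Windows event records for Mimic-style behaviours.

Added example, not the report's own code. Field names loosely follow
Sysmon's ImageLoad (EventID 7) and RegistryEvent (EventID 13) records;
all paths and process names below are constructed, not real telemetry.
"""
import ntpath
import re

SAMPLE_EVENTS = [
    # Expected: the search tool loads its own library from its install path.
    {"event": "ImageLoad",
     "image": r"C:\Program Files\Everything\Everything.exe",
     "loaded": r"C:\Program Files\Everything\Everything32.dll"},
    # Suspicious: an unrelated binary in Temp loads a copy of Everything32.dll.
    {"event": "ImageLoad",
     "image": r"C:\Users\alice\AppData\Local\Temp\dropper.exe",
     "loaded": r"C:\Users\alice\AppData\Local\Temp\Everything32.dll"},
    # Suspicious: Run key persistence pointing at a user-writable location.
    {"event": "RegistryValueSet",
     "image": r"C:\Users\alice\AppData\Local\Temp\dropper.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "data": r"C:\Users\alice\AppData\Roaming\svc.exe"},
    # Benign: an installer registers a vendor agent under Program Files.
    {"event": "RegistryValueSet",
     "image": r"C:\Windows\System32\msiexec.exe",
     "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorAgent",
     "data": r"C:\Program Files\Vendor\agent.exe"},
]

# Directories an ordinary user can write to (assumption: adjust to your estate).
USER_WRITABLE = re.compile(r"^[A-Za-z]:\\(Users|ProgramData|Windows\\Temp)\\",
                           re.IGNORECASE)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


def is_user_writable(path):
    """True if the path sits under a location a non-admin user can write to."""
    return bool(USER_WRITABLE.match(path))


def basename(path):
    """Lower-cased final path component, using Windows path rules."""
    return ntpath.basename(path).lower()


def command_image(cmd):
    """Extract the executable path from a Run key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ")[0]


def find_everything_api_misuse(events):
    """Flag Everything32.dll loaded by anything other than Everything.exe,
    or loaded by Everything.exe from a user-writable directory."""
    findings = []
    for ev in events:
        if ev.get("event") != "ImageLoad":
            continue
        if basename(ev["loaded"]) != "everything32.dll":
            continue
        loader = basename(ev["image"])
        if loader == "everything.exe" and not is_user_writable(ev["loaded"]):
            continue  # the search tool loading its own library
        findings.append({"rule": "everything32_loaded_by_unexpected_process",
                         "process": ev["image"], "detail": ev["loaded"]})
    return findings


def find_run_key_persistence(events):
    """Flag Run/RunOnce values whose target (or writer) lives in a user-writable path."""
    findings = []
    for ev in events:
        if ev.get("event") != "RegistryValueSet" or not RUN_KEY.search(ev["key"]):
            continue
        target = command_image(ev["data"])
        if is_user_writable(target) or is_user_writable(ev["image"]):
            findings.append({"rule": "run_key_points_to_user_writable_path",
                             "process": ev["image"],
                             "detail": ev["key"] + " -> " + target})
    return findings


def triage(events):
    """Run both rules and return the combined list of findings."""
    return find_everything_api_misuse(events) + find_run_key_persistence(events)


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"[{f['rule']}] {f['process']}: {f['detail']}")
```

Both rules are deliberately narrow: the first keys on the specific library name the report calls out, and the second on the persistence location the report names, so each finding is explainable to an analyst. In a real deployment the user-writable pattern and the allow-list for the search tool's own install path would be tuned to the environment.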