English- and Russian-speaking Windows users are being targeted by the novel Mimic ransomware, which abuses the APIs of the legitimate Everything file search tool to identify the files it will encrypt, BleepingComputer reports.
Attacks with Mimic, which resembles Conti ransomware, begin with an email-delivered executable that extracts the main payload together with other files and tools for disabling Windows Defender, according to a Trend Micro report.
The dropped "Everything32.dll" payload lets Mimic call the filename search engine's API to enumerate files to encrypt while skipping those whose encryption could leave the system unbootable. Beyond collecting system information and establishing persistence through the Run registry key, Mimic can disable Windows telemetry, bypass User Account Control, enable anti-shutdown and anti-kill measures, terminate processes and services, and remove indicators of its activity, among other capabilities.
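Two of the behaviours attributed to Mimic above, loading the Everything library from a process that is not the Everything search tool and writing a Run-key value for persistence, can be turned into hunting rules over endpoint telemetry. The script below is an added example, not code from the SC Media brief, BleepingComputer or Trend Micro; it applies those two rules to Sysmon-style events. The sample events, process names and paths are constructed for the demonstration and are not Mimic indicators.

```python
"""Added example: two hunting rules derived from the Mimic behaviours described
in the brief, run over constructed Sysmon-style events (not real telemetry)."""
from dataclasses import dataclass
import ntpath

# Library names the Everything search tool ships (the brief names Everything32.dll).
EVERYTHING_DLLS = {"everything32.dll", "everything64.dll"}
# Assumed allowlist of processes that legitimately host the Everything library.
EXPECTED_EVERYTHING_HOSTS = {"everything.exe"}
# Registry path fragment that identifies per-user and machine-wide Run keys.
RUN_KEY_MARKER = r"\microsoft\windows\currentversion\run" + "\\"


@dataclass(frozen=True)
class Event:
    event_id: int   # Sysmon semantics: 7 = ImageLoad, 13 = RegistryValueSet
    image: str      # full path of the process that generated the event
    target: str     # loaded DLL path (id 7) or registry value path (id 13)


def everything_dll_sideload(ev: Event):
    """Flag an Everything DLL loaded by anything other than the Everything tool."""
    if ev.event_id != 7:
        return None
    dll = ntpath.basename(ev.target).lower()
    proc = ntpath.basename(ev.image).lower()
    if dll in EVERYTHING_DLLS and proc not in EXPECTED_EVERYTHING_HOSTS:
        return f"{ev.image} loaded {dll} outside the Everything search tool"
    return None


def run_key_persistence(ev: Event):
    """Flag any value written under a CurrentVersion\\Run key (RunOnce is excluded)."""
    if ev.event_id != 13:
        return None
    if RUN_KEY_MARKER in ev.target.lower():
        return f"{ev.image} wrote Run-key value {ev.target}"
    return None


def triage(events):
    """Apply both rules to every event and return the list of findings."""
    findings = []
    for ev in events:
        for rule in (everything_dll_sideload, run_key_persistence):
            hit = rule(ev)
            if hit:
                findings.append(hit)
    return findings


# Constructed sample events; "Updater.exe" is a placeholder name, not an IOC.
SAMPLE_EVENTS = [
    # Benign: the real search tool loading its own library.
    Event(7, r"C:\Program Files\Everything\Everything.exe",
          r"C:\Program Files\Everything\Everything32.dll"),
    # Suspicious: an unrelated binary in Temp loading Everything32.dll.
    Event(7, r"C:\Users\alice\AppData\Local\Temp\Updater.exe",
          r"C:\Users\alice\AppData\Local\Temp\Everything32.dll"),
    # Suspicious: the same binary registering itself under the user's Run key.
    Event(13, r"C:\Users\alice\AppData\Local\Temp\Updater.exe",
          r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    # Benign: a registry write elsewhere under CurrentVersion.
    Event(13, r"C:\Windows\System32\svchost.exe",
          r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Example"),
    # Ignored: a process-creation event neither rule looks at.
    Event(1, r"C:\Windows\System32\cmd.exe", ""),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Because Everything is a legitimate utility, the DLL rule only works with an allowlist of expected host processes; in production, key that allowlist on the full, signed image path rather than the file name, and expect Run-key writes from installers and updaters to need their own exclusions.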
While Mimic has yet to see widespread use, the strain's reliance on the Conti builder and its abuse of the Everything API point to capable operators behind it.