This devious ransomware hijacks the Windows Everything search tool – TechRadar
Take caution, Windows users
Cybersecurity company Trend Micro has uncovered details of a new ransomware strain that abuses the Windows ‘Everything’ search tool to attack English- and Russian-speaking Windows users.
The malware was first observed back in June 2022, and has been “deleting shadow copies, terminating multiple applications and services, and abusing Everything32.dll functions to query target files that are to be encrypted.”
The researchers also found that some of the code is shared with the notorious Conti ransomware, which was leaked in early 2022 after a host of high-profile attacks.
Trend Micro has given the ransomware the name ‘Mimic’, which it says is based on a string it found in its binaries.
It notes that Mimic arrives on an affected user’s computer as an executable (though it is not confirmed whether this is via email, a download, or some other route), which “drops multiple binaries and a password-protected archive (disguised as Everything64.dll)”.
The findings show that the attack package is largely made up of legitimate files; however, one file contains the malicious payloads.
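Two of the behaviours described above lend themselves to simple host triage checks: a file named like an Everything DLL whose contents are not actually a Windows PE image (the dropped archive disguised as Everything64.dll), and command lines that delete Volume Shadow Copies. The script below is an added example written for this article, not code from Trend Micro or from the Everything project; the file contents, paths and command lines it inspects are constructed samples, not real Mimic artifacts.

```python
"""Triage checks for two Mimic behaviours named in the article: a file posing as an
Everything DLL that is not a PE image, and shadow-copy deletion command lines."""
import struct

def looks_like_pe(data: bytes) -> bool:
    """True if data starts with a DOS header whose e_lfanew offset points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def flag_fake_everything_dll(path: str, head: bytes) -> bool:
    """Flag an Everything32/64.dll whose leading bytes are not a PE image."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return name in ("everything32.dll", "everything64.dll") and not looks_like_pe(head)

# Token groups that together indicate Volume Shadow Copy removal.
SHADOW_DELETE_MARKERS = (
    ("vssadmin", "delete", "shadows"),
    ("wmic", "shadowcopy", "delete"),
)

def is_shadow_copy_deletion(cmdline: str) -> bool:
    """Flag command lines that remove Volume Shadow Copies (case-insensitive)."""
    text = " ".join(cmdline.lower().replace('"', "").split())
    return any(all(m in text for m in markers) for markers in SHADOW_DELETE_MARKERS)

def _pe_stub() -> bytes:
    # Constructed minimal DOS header plus PE signature, just enough for looks_like_pe().
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    return bytes(hdr) + b"PE\x00\x00"

# Constructed samples: a legitimate-looking DLL and a non-PE file using the same name.
CONSTRUCTED_FILES = {
    r"C:\Program Files\Everything\Everything64.dll": _pe_stub(),
    r"C:\Users\u\AppData\Local\Temp\Everything64.dll": b"NOT-A-PE-IMAGE".ljust(0x44, b"\x00"),
}
CONSTRUCTED_CMDLINES = [
    "vssadmin.exe Delete Shadows /All /Quiet",
    "wmic shadowcopy delete",
    "C:\\Program Files\\Everything\\Everything.exe -startup",
]

def triage(files=CONSTRUCTED_FILES, cmdlines=CONSTRUCTED_CMDLINES) -> list[str]:
    """Return one finding string per suspicious file or command line."""
    findings = [f"fake Everything DLL: {p}" for p, h in files.items() if flag_fake_everything_dll(p, h)]
    findings += [f"shadow copy deletion: {c}" for c in cmdlines if is_shadow_copy_deletion(c)]
    return findings

if __name__ == "__main__":
    print("\n".join(triage()))
```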
Trend Micro says this combination of multiple running threads and the way it abuses Everything’s APIs allows it to run with minimal resource usage, resulting in more efficient execution and a more efficient attack.
The solution? As ever, the company reckons a multilayered approach will provide the best security, including applying data protection, backup, and recovery measures, conducting regular vulnerability assessments, and patching systems as soon as security updates become available.
There’s also a whole range of software designed to prevent and deal with attacks on personal and business computers for an additional layer of protection.
With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the electrification of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!