Cybersecurity company Trend Micro has uncovered details of a new type of ransomware that abuses the ‘Everything’ Windows search tool to attack English- and Russian-speaking Windows users.
The malware was first observed in June 2022 and has been seen “deleting shadow copies, terminating multiple applications and services, and abusing Everything32.dll functions to query target files that are to be encrypted.”
The researchers also found that some of the code is shared with the notorious Conti ransomware, which was leaked in early 2022 after a host of high-profile attacks.
Mimic Windows Everything
Trend Micro has given the ransomware the name ‘Mimic’, which it says is based on a string found in its binaries.
It notes that Mimic arrives on an affected user’s computer as an executable (though it is not confirmed whether this is via email, a download, etc.) which “drops multiple binaries and a password-protected archive (disguised as Everything64.dll)”.
The findings show that the dropped package is largely made up of legitimate files; however, one file contains the malicious payloads.
Trend Micro says this combination of multiple running threads and the way it abuses Everything’s APIs allows it to run with minimal resource usage, resulting in a more efficient execution and attack.
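The behaviours the article lists (shadow-copy deletion, mass termination of applications and services, a password-protected archive masquerading as Everything64.dll, and Everything’s search DLL being loaded by something other than Everything itself) are exactly what an endpoint detection rule would key on. The following is an added example and not code from the article or from Trend Micro: it runs four such rules over a handful of constructed process-creation and image-load events. The event field names, file paths, the expected Everything install directory and the command-line shapes for shadow-copy deletion and process termination are assumptions drawn from general ransomware tradecraft, not details taken from the article.

```python
"""Added example (not from the article or Trend Micro): detection rules for the
behaviours the article attributes to Mimic, run over constructed endpoint events."""
import re

# Constructed process-creation / image-load events. The field layout (pid, image,
# cmdline, loaded modules) is an assumption loosely modelled on Sysmon-style
# telemetry, not a real product schema. Paths and command lines are invented.
SAMPLE_EVENTS = [
    {"pid": 4120, "image": r"C:\Program Files\Everything\Everything.exe",
     "cmdline": r'"C:\Program Files\Everything\Everything.exe" -startup',
     "loaded": [r"C:\Program Files\Everything\Everything32.dll"]},   # benign
    {"pid": 5312, "image": r"C:\Users\alice\AppData\Local\Temp\7za.exe",
     "cmdline": r"7za.exe x -pSECRET Everything64.dll -oC:\Users\alice\AppData\Local\Temp",
     "loaded": []},
    {"pid": 5320, "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": r"vssadmin.exe delete shadows /all /quiet", "loaded": []},
    {"pid": 5330, "image": r"C:\Users\alice\AppData\Local\Temp\svchost.exe",
     "cmdline": r"svchost.exe -e watch",
     "loaded": [r"C:\Users\alice\AppData\Local\Temp\Everything32.dll"]},
    {"pid": 5340, "image": r"C:\Windows\System32\taskkill.exe",
     "cmdline": r"taskkill.exe /F /IM sqlservr.exe", "loaded": []},
    {"pid": 5341, "image": r"C:\Windows\System32\taskkill.exe",
     "cmdline": r"taskkill.exe /F /IM outlook.exe", "loaded": []},
    {"pid": 5342, "image": r"C:\Windows\System32\net.exe",
     "cmdline": r"net.exe stop MSSQLSERVER /y", "loaded": []},
]

# Rule 1: shadow-copy deletion. Command shapes are general knowledge, not from the article.
SHADOW_DELETE = re.compile(
    r"(vssadmin(\.exe)?\s+delete\s+shadows"
    r"|wmic(\.exe)?\s+shadowcopy\s+delete"
    r"|win32_shadowcopy.*?\bdelete\b)", re.IGNORECASE)

# Rule 2: Everything's search DLL loaded by a process other than Everything.exe, or from
# somewhere other than its install directory. The install directory is an assumption.
EVERYTHING_DLLS = {"everything32.dll", "everything64.dll"}
EXPECTED_EVERYTHING_DIR = r"c:\program files\everything"

# Rule 3: forced kills / service stops. A single taskkill is routine, so only a burst alerts.
KILL_CMD = re.compile(r"(taskkill(\.exe)?\s+.*/F|net(\.exe)?\s+stop\s+)", re.IGNORECASE)
KILL_BURST_THRESHOLD = 3

# Rule 4: password-protected archive extraction where the archive is named like a DLL
# (the article describes the payload archive as disguised as Everything64.dll).
ARCHIVE_PASSWORD = re.compile(r"\b7za?(\.exe)?\s+[xe]\s+.*-p\S+.*\S+\.dll", re.IGNORECASE)


def _base(path):
    """Lower-cased final path component; accepts either slash style."""
    return path.replace("/", "\\").rstrip("\\").rsplit("\\", 1)[-1].lower()


def _dir(path):
    """Lower-cased directory part of a path, or '' if there is none."""
    p = path.replace("/", "\\")
    return p.rsplit("\\", 1)[0].lower() if "\\" in p else ""


def scan_events(events, kill_threshold=KILL_BURST_THRESHOLD):
    """Return one finding dict per rule hit; the kill rule yields a single burst finding."""
    findings, kill_pids = [], []
    for ev in events:
        cmd = ev.get("cmdline", "")
        if SHADOW_DELETE.search(cmd):
            findings.append({"rule": "shadow_copy_deletion", "pid": ev["pid"], "cmdline": cmd})
        if ARCHIVE_PASSWORD.search(cmd):
            findings.append({"rule": "password_archive_as_dll", "pid": ev["pid"], "cmdline": cmd})
        if KILL_CMD.search(cmd):
            kill_pids.append(ev["pid"])
        for dll in ev.get("loaded", []):
            if _base(dll) not in EVERYTHING_DLLS:
                continue
            foreign_host = _base(ev["image"]) != "everything.exe"
            odd_path = _dir(dll) != EXPECTED_EVERYTHING_DIR
            if foreign_host or odd_path:
                findings.append({"rule": "everything_dll_sideload", "pid": ev["pid"],
                                 "module": dll, "image": ev["image"]})
    if len(kill_pids) >= kill_threshold:
        findings.append({"rule": "kill_burst", "pid": kill_pids[0], "pids": kill_pids})
    return findings


if __name__ == "__main__":
    for finding in scan_events(SAMPLE_EVENTS):
        print(finding["rule"], finding["pid"])
```

The benign first event (Everything.exe loading its own DLL from its install directory) produces no finding, which is the point of checking both the host image and the DLL path rather than the DLL name alone: the tool is legitimate and widely installed, so a rule that fires on every load of Everything32.dll would be unusable. The burst threshold for kills plays the same role for taskkill and net stop.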
The solution? As ever, the company reckons a multilayered approach will provide the best security, including data protection, backup and recovery measures, regular vulnerability assessments, and patching systems as soon as security updates become available.
There is also a whole range of software designed to prevent and deal with attacks on personal and business computers, which adds a further layer of protection.