This insidious ransomware hijacks the Everything search tool on Windows
Cybersecurity firm Trend Micro has published details of a new ransomware family that abuses the Everything file-search tool for Windows and has been used to attack English- and Russian-speaking Windows users.
The malware was first observed in June 2022. According to the researchers, it deletes shadow copies, terminates many applications and services, and abuses functions exported by Everything32.dll to query the files it intends to encrypt.
The researchers also found that the ransomware shares some code with the infamous Conti ransomware, whose source code was leaked in early 2022 following a series of well-known attacks.
Mimic abuses Everything on Windows
Trend Micro has named the ransomware ‘Mimic’, after a string it found in the binaries.
It notes that Mimic reached the affected user’s computer as an executable (it was not confirmed whether this arrived via email, download or another route) that “drops multiple binaries and a password-protected archive (disguised as Everything64.dll)”.
The findings show that the dropped files were largely legitimate, with a single file carrying the malicious payloads. Because Everything is a legitimate search tool, the presence of its binaries on a machine is not by itself a sign of compromise; what matters is where they are dropped and which process loads them.
Trend Micro says the combination of multiple running threads and the abuse of Everything’s API lets the ransomware run with minimal resource usage, which makes its file enumeration and encryption faster and the attack more efficient.
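The two behaviours the report attributes to Mimic, loading Everything’s search DLL from a dropped copy and deleting shadow copies, are both visible in endpoint telemetry. The script below is an added example of how a defender might hunt for them; it is not code from Trend Micro or from the ransomware. The log lines are constructed here in a simplified Sysmon-style `Key=Value` form (EventID 7 for image loads, EventID 1 for process creation), and the assumed “legitimate” install directories for Everything are the tool’s default paths under Program Files.

```python
"""Hunt for Mimic-style tradecraft in constructed Sysmon-style event lines.

Added example, not part of the original article or Trend Micro's report.
Two checks are implemented:
  1. Everything32.dll / Everything64.dll loaded from somewhere other than
     Everything's own install directory, or loaded into a process that is
     not Everything.exe itself (a legitimate search tool being abused).
  2. Volume shadow copy deletion via vssadmin, wmic or WMI from PowerShell.
"""
import re
from typing import Dict, List, Optional, Tuple

# Matches  Key=value  and  Key="quoted value with spaces"
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

EVERYTHING_DLLS = {"everything32.dll", "everything64.dll"}

# Assumed: default install locations of the voidtools Everything tool.
LEGIT_EVERYTHING_DIRS = (
    r"c:\program files\everything" + "\\",
    r"c:\program files (x86)\everything" + "\\",
)

SHADOW_DELETE_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"win32_shadowcopy.*?\.delete\(", re.I),
]


def parse_event(line: str) -> Dict[str, str]:
    """Turn one Key=Value line into a dict, stripping surrounding quotes."""
    return {key: value.strip('"') for key, value in KV_RE.findall(line)}


def _normalize(path: str) -> str:
    return path.lower().replace("/", "\\")


def _dirname(path: str) -> str:
    return _normalize(path).rsplit("\\", 1)[0] + "\\"


def _basename(path: str) -> str:
    return _normalize(path).rsplit("\\", 1)[-1]


def check_everything_dll(event: Dict[str, str]) -> Optional[str]:
    """Flag Everything's search DLL loaded from, or into, an unexpected place."""
    if event.get("EventID") != "7":
        return None
    loaded = event.get("ImageLoaded", "")
    if _basename(loaded) not in EVERYTHING_DLLS:
        return None
    if not any(_dirname(loaded).startswith(d) for d in LEGIT_EVERYTHING_DIRS):
        return f"Everything search DLL loaded from unexpected path: {loaded}"
    if _basename(event.get("Image", "")) != "everything.exe":
        return f"Everything search DLL loaded by non-Everything process: {event.get('Image')}"
    return None


def check_shadow_deletion(event: Dict[str, str]) -> Optional[str]:
    """Flag process creations whose command line deletes shadow copies."""
    if event.get("EventID") != "1":
        return None
    cmd = event.get("CommandLine", "")
    for pattern in SHADOW_DELETE_PATTERNS:
        if pattern.search(cmd):
            return f"shadow copy deletion: {cmd}"
    return None


def hunt(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (process image, finding) pairs for every suspicious event."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        event = parse_event(line)
        for check in (check_everything_dll, check_shadow_deletion):
            message = check(event)
            if message:
                findings.append((event.get("Image", ""), message))
    return findings


# Constructed sample telemetry: two benign events, two matching Mimic's behaviour.
SAMPLE_EVENTS = [
    r'EventID=7 Image="C:\Users\alice\AppData\Local\Temp\payload.exe" ImageLoaded="C:\Users\alice\AppData\Local\Temp\Everything32.dll"',
    r'EventID=7 Image="C:\Program Files\Everything\Everything.exe" ImageLoaded="C:\Program Files\Everything\Everything32.dll"',
    r'EventID=1 Image="C:\Windows\System32\vssadmin.exe" CommandLine="vssadmin.exe delete shadows /all /quiet"',
    r'EventID=1 Image="C:\Windows\System32\cmd.exe" CommandLine="cmd.exe /c dir"',
]

if __name__ == "__main__":
    for image, message in hunt(SAMPLE_EVENTS):
        print(f"[SUSPICIOUS] {image}: {message}")
```

On the constructed sample the script reports the DLL loaded from the Temp directory and the vssadmin command, and stays silent on Everything.exe loading its own DLL from Program Files. In a real deployment the install paths and the list of processes allowed to load the DLL should be tuned to the environment, since Everything can legitimately be installed elsewhere.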
What is the solution? More than ever, the company believes a layered approach provides the best security: applying protections, backing up data and testing recovery, conducting vulnerability assessments regularly, and patching systems as soon as a security update is available.
A range of software designed to prevent and respond to attacks on personal and business computers is also available as an extra layer of protection.