Mimic Ransomware Uses 'Everything' API to Target Windows Users

By Gagandeep Singh

28-Jan-2023

Trend Micro found a new ransomware named Mimic, which was first discovered in June 2022.

It takes advantage of the APIs of the 'Everything' file search tool for Windows to search for files that are targeted for encryption.

According to the report, the ransomware targets Russian- and English-speaking users.

Some of Mimic's code is similar to that of Conti (another dangerous ransomware).

Targets receive an executable file via e-mail; it extracts four files that eventually disable Windows Defender.

The ransomware supports command-line arguments that narrow file targeting and accelerate the data encryption process.

Mimic has several capabilities, such as collecting user information and bypassing User Account Control.

It uses Everything search in the form of Everything32.dll, which is dropped during the infection phase.

The file search engine helps the ransomware find the files that are valid for encryption.

Files encrypted by Mimic get the ‘QUITEPLACE’ extension, and a ransom message is then displayed on the compromised machine.
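The two artifacts named above, the dropped Everything32.dll and the extension added to encrypted files, can be turned into file-creation detections. The following Python example is added here and is not taken from the Trend Micro report; the event fields, allowlisted directories, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ntpath import basename, dirname, splitext

DLL_NAME = "everything32.dll"   # DLL name as given in the article (compared lowercase)
ENCRYPTED_EXT = ".quiteplace"   # extension as given in the article (compared lowercase)
# Assumption: directories where a legitimate copy may live; tune per environment.
ALLOWED_DIRS = {r"c:\program files\everything", r"c:\program files (x86)\everything"}

def detect(events, burst=3, window=timedelta(seconds=60)):
    """Return (rule, host, image, detail) alerts for file-create events."""
    alerts, recent, fired = [], defaultdict(deque), set()
    for ev in sorted(events, key=lambda e: e["time"]):
        path = ev["target"].lower()
        key = (ev["host"], ev["image"])
        # Rule 1: the search DLL written outside an allowlisted directory.
        if basename(path) == DLL_NAME and dirname(path) not in ALLOWED_DIRS:
            alerts.append(("dll_drop", ev["host"], ev["image"], ev["target"]))
        # Rule 2: one process creating many files with the extension in a short window.
        if splitext(path)[1] == ENCRYPTED_EXT:
            q = recent[key]
            q.append(ev["time"])
            while q[0] < ev["time"] - window:
                q.popleft()
            if len(q) >= burst and key not in fired:
                fired.add(key)  # alert once per host/process pair
                alerts.append(("ext_burst", ev["host"], ev["image"], f"{len(q)} files"))
    return alerts

def _ev(sec, host, image, target):
    t = datetime(2023, 1, 28, 9, 0, 0) + timedelta(seconds=sec)
    return {"time": t, "host": host, "image": image, "target": target}

# Constructed sample events (not real telemetry); hosts, paths and process names are made up.
SAMPLE = [
    _ev(0, "ws01", r"C:\Users\a\AppData\Local\Temp\setup.exe", r"C:\Users\a\AppData\Local\Temp\x\Everything32.dll"),
    _ev(5, "ws02", r"C:\Windows\System32\msiexec.exe", r"C:\Program Files\Everything\Everything32.dll"),
    _ev(20, "ws01", r"C:\Users\a\AppData\Local\Temp\x\run.exe", r"C:\Users\a\Documents\q1.xlsx.QUITEPLACE"),
    _ev(21, "ws01", r"C:\Users\a\AppData\Local\Temp\x\run.exe", r"C:\Users\a\Documents\q2.docx.QUITEPLACE"),
    _ev(22, "ws01", r"C:\Users\a\AppData\Local\Temp\x\run.exe", r"C:\Users\a\Pictures\p.png.QUITEPLACE"),
    _ev(400, "ws03", r"C:\Windows\explorer.exe", r"C:\Users\b\Desktop\note.QUITEPLACE"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

In practice the events would come from endpoint file-creation telemetry, and the burst threshold and window need tuning against normal activity on the monitored hosts.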
