When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

New ransomware strain exploits Windows search tool Everything

A laptop with a padlock on the screen

Security researchers at Trend Micro have discovered a new ransomware strain that abuses the application programming interfaces of a third-party Windows search engine tool called Everything.

The ransomware, which Trend Micro named Mimic, targets Russian and English-speaking users. It has the following capabilities:

  • Collecting system information
  • Bypassing User Account Control (UAC)
  • Disabling Windows Defender
  • Disabling Windows telemetry
  • Activating anti-shutdown measures
  • Activating anti-kill measures
  • Unmounting virtual drives
  • Terminating processes and services
  • Disabling sleep mode and shutdown of the system
  • Removing indicators
  • Preventing system recovery
via Trend Micro

The ransomware attack starts when a victim receives an executable file likely via email. When launched, the file then extracts four more files on the target system (shown above), including the primary payload, supplementary files, and tools to disable Windows Defender.

    After the files are extracted, Mimic exploits Everything’s search capabilities by using the 'Everything32.dll’ file to look for specific file names and extensions on the compromised system. This enables the ransomware to identify encryptable files and avoid those that can render the system unusable if locked.

    via Trend Micro

    Finally, Mimic will append the .QUIETPLACE extension to the encrypted files and display a ransom note. The ransom demand, which must be paid in Bitcoin, is calculated based on the number of encrypted files.

    To protect your computer from ransomware attacks, always be cautious when opening unsolicited emails and attachments, and refrain from visiting potentially malicious sites. Make sure as well that your security programs are always updated so they can properly detect and remove ransomware. Finally, make it a habit to back up your files on an external storage system like a flash drive, hard drive, or the cloud. This way, even if ransomware encrypts your files, you can easily recover from a backup.

    Source: Trend Micro

    Report a problem with article
    OneNote logo with violet colored bars next to it against a black background
    Next Article

    Microsoft OneNote gets a new way to navigate your notebooks, sections, and pages

    cumulative updates
    Previous Article

    Windows 11 (KB5022360) is out with fixes for Taskbar search, and searchindexer.exe

    Join the conversation!

    Login or Sign Up to read and post a comment.

    11 Comments - Add comment