-: FOLLOW US :- @theinsaneapp
Researchers from Trend Micro identified an entirely new ransomware variant that abuses the application programming interfaces (APIs) of Everything, a third-party file search tool for Windows.
The ransomware, which Trend Micro named Mimic, targets Russian- and English-speaking people.
The attack begins when the victim receives an executable file, most likely through email.
Once launched, the file extracts four additional files onto the targeted system, including the main payload, additional files, and tools for disabling Windows Defender.
Once the files have been extracted, Mimic exploits Everything's search capabilities, using the 'Everything32.dll' file to search for specific extensions and file names on the compromised system.
This allows the ransomware to identify the files to encrypt and avoid those that would make the system inaccessible when locked.
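
For defenders, the behaviour described above suggests a simple hunt: look for the Everything search DLL being loaded from places where the search tool was never installed. The following is an added example, not code from Trend Micro or from this page. It assumes Sysmon image-load events (Event ID 7) already parsed into dictionaries; the approved directory, the user-writable path markers, the inclusion of Everything64.dll and all sample events are constructed assumptions.

```python
import ntpath

# Assumption: Sysmon Event ID 7 (image load) records, already parsed to dicts.
SEARCH_DLLS = {"everything32.dll", "everything64.dll"}  # Everything SDK DLL names
# Assumption: directories where this organisation has approved the search tool.
APPROVED_DIRS = {r"c:\program files\everything"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def classify(event):
    """Return (severity, reason) for a suspicious load, or None if benign."""
    dll = event["ImageLoaded"].lower()
    if ntpath.basename(dll) not in SEARCH_DLLS:
        return None
    dll_dir = ntpath.dirname(dll)
    proc_dir = ntpath.dirname(event["Image"].lower())
    if dll_dir in APPROVED_DIRS and proc_dir in APPROVED_DIRS:
        return None  # approved install loading its own copy of the DLL
    if any(marker in dll for marker in USER_WRITABLE):
        return ("high", "search DLL loaded from a user-writable path")
    return ("medium", "search DLL loaded outside approved directories")


def triage(events):
    """Return (severity, process, reason) for every flagged event, high first."""
    hits = []
    for ev in events:
        verdict = classify(ev)
        if verdict:
            hits.append((verdict[0], ev["Image"], verdict[1]))
    return sorted(hits, key=lambda h: h[0] != "high")


# Constructed sample events (not taken from a real incident).
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Everything\Everything.exe",
     "ImageLoaded": r"C:\Program Files\Everything\Everything32.dll"},
    {"Image": r"C:\Tools\search\finder.exe",
     "ImageLoaded": r"C:\Tools\search\Everything64.dll"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\sample\invoice.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\sample\Everything32.dll"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
]

if __name__ == "__main__":
    for severity, process, reason in triage(SAMPLE_EVENTS):
        print(f"[{severity}] {process}: {reason}")
```
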