"New Mimic Ransomware Abuses 'Everything' Windows Search Tool"

Security researchers have discovered Mimic, a new ransomware strain that finds files eligible for encryption by using the Application Programming Interfaces (APIs) of 'Everything', a file search tool for Windows. The malware, discovered in June 2022 by Trend Micro researchers, appears to target mostly English and Russian-speaking users. Some of Mimic's code is similar to that of the Conti ransomware, the source code of which was revealed in March 2022 by a Ukrainian researcher. Mimic ransomware attacks start with the victim receiving an executable, most likely over email, that extracts four files on the target system, including the primary payload, ancillary files, and tools to disable Windows Defender. Mimic is a sophisticated ransomware strain that uses command-line arguments to narrow file targeting and multiple processor threads to accelerate data encryption. The new ransomware family includes various modern-day capabilities, such as gathering system information, establishing persistence through the RUN key, triggering anti-shutdown measures, and more. This article continues to discuss the capabilities of the new Mimic ransomware strain.

Bleeping Computer reports "New Mimic Ransomware Abuses 'Everything' Windows Search Tool"

Submitted by Anonymous on