This devious ransomware hijacks the Windows Everything search tool

(Image credit: Pixabay)

Cybersecurity company Trend Micro has uncovered details of a new type of ransomware it found targeting the Windows ‘Everything’ search tool to attack English and Russian-speaking Windows users.

The malware was first observed back in June 2022, and has been “deleting shadow copies, terminating multiple applications and services, and abusing Everything32.dll functions to query target files that are to be encrypted.”

The researchers also found that some of the code is shared with the notorious Conti ransomware, which was leaked in early 2022 after a host of high-profile attacks.

TechRadar Pro needs you!
We want to build a better website for our readers, and we need your help! You can do your bit by filling out our survey and telling us your opinions and views about the tech industry in 2023. It will only take a few minutes and all your answers will be anonymous and confidential. Thank you again for helping us make TechRadar Pro even better.

D. Athow, Managing Editor

Mimic Windows Everything

Trend Micro has denoted the ‘Mimic’ name to the ransomware, which it says is based on a string it found in its binaries.

It notes how Mimic arrives at an affected user’s computer as an executable (though it’s not confirmed if this is via email, a download, etc), which “drops multiple binaries and a password-protected archive (disguised as Everything64.dll)”. 

The findings uncover that the attack is largely made up of legitimate files, however one file contains the malicious payloads.

Trend Micro says this combination of multiple running threads and the way it abuses Everything’s APIs allows it to run with minimal resource usage, resulting in a more efficient execution and attack.

The solution? As ever, the company reckons a multilayered approach will provide the best security, including applying data protection, backup, and recovery measures, and conducting regular vulnerability assessments, and patching systems as soon as security updates become available.

There’s also a whole range of software designed to prevent and deal with attacks on personal and business computers for an additional layer of protection.

Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!