Security News > 2023 > January > New Mimic ransomware abuses ‘Everything’ Windows search tool
Security researchers discovered a new ransomware strain they named Mimic that leverages the APIs of the 'Everything' file search tool for Windows to look for files targeted for encryption.
Mimic ransomware attacks begin with the victim receiving an executable, presumably via email, which extracts four files on the target system, including the main payload, ancillary files, and tools to disable Windows Defender.
Mimic is a versatile ransomware strain that supports command line arguments to narrow file targeting, while it can also make use of multiple processor threads to speed up the data encryption process.
Mimic ransomware uses Everything's search capabilities in the form of the 'Everything32.
Everything helps Mimic locate files that are valid for encryption while avoiding system files that would render the system unbootable if locked.
Mimic is a new strain with unproven activity as of yet, but using of the Conti builder and the Everything API proves its authors are competent software developers who have a clear understanding of how they can achieve their goals.