The new Mimic ransomware can hold your files fast for hostages

The new Mimic ransomware can hold your files fast for hostages

This ransomware is able to encrypt files even faster than other ransomware because it uses common third-party Windows search tools to know exactly what to look for

First discovered by Trend Micro last June, the new ransomware was named "Mimic" based on a string the company's security researchers found in the binary According to a new report (opens in new tab), Mimic ransomware is so far being used primarily to target Russian and English-speaking users

Interestingly, BleepingComputer (opens in new tab) notes that some of the code found in Mimic is similar to the Conti ransomware This appears to be due to the fact that Conti's source code was leaked by a Ukrainian researcher in March 2022, after which its creator took the Russian side

The Mimic ransomware is currently spreading through an executable (exe) file that is emailed to targeted victims Upon opening the executable, a malicious payload is deployed along with a tool used to disable Windows Defender on the victim's computer

Mimic has quite a few tricks up its sleeve to speed up the process of encrypting the victim's files, including targeting files with multiple processor threats and command line arguments

What makes Mimic much faster and more efficient than previous ransomware is the way it uses the "Everything" search tool to find hostage files developed by Voidtools, Everything is a file name search for Windows engine, and is much more efficient and faster than Windows Search

By using Everything on a targeted system, Mimic can find encryptable files such as documents, while avoiding system files that, if locked, would prevent the computer from turning on in the first place

Files encrypted by the Mimic ransomware are given a "QUIETPLACE" extension and a ransom demand letter named "Decrypt_metxt" is dropped somewhere on the user's system The ransom demand letter explains that the victim must pay the attacker in bitcoins to decrypt the file However, it also states that the attacker can decrypt only some of the victim's most important files for the price of "1 file = $1" For the victim, this may be worthwhile if there are only a few files needed from the locked system and they were planning to upgrade to a new PC anyway

This is the first time we have seen ransomware using popular third-party tools to speed up the encryption process; the Everything search tool is included in the malicious executable used to infect the PC with Mimic in the first place It is not even necessary to install it on the victim's machine, as it is included in the malicious executable used to infect the PC with Mimic in the first place

As with malware and other viruses, to protect oneself from ransomware, one should avoid opening email attachments from unknown senders Similarly, one should avoid downloading illegal software or downloading files from unproven sites

The best antivirus software can also detect many types of ransomware before your system is infected However, antivirus software cannot unlock files locked by attackers using ransomware For this reason, it is a good idea to use the best cloud storage to keep extra copies of your most important files safely stored in the cloud, and the best cloud backup services may be an even better choice because they back up your files automatically

If you are a victim of ransomware, this step-by-step guide can help you learn the process to get your files back At the same time, Bitdefender and other cybersecurity companies often release ransomware decryption tools (opens in new tab), as in the case of Darkside ransomware This way, even if you don't have the money or don't want to pay the ransom to the cybercriminals, you may be able to recover your files one day

As for the Mimic ransomware, it is a relatively new strain and we don't yet know much about how it is used in attacks or who is behind it Hopefully we will know more soon

Categories