A new ransomware threat has been discovered that abuses the Windows Search Tool to locate and encrypt sensitive data. Dubbed Mimic, the ransomware was identified by malware researchers at Force Point Security Defense. Mimic encrypts a victim’s files and demands a ransom payment of 0.25 Bitcoin to decrypt them.
The Mimic ransomware is the latest example of ransomware that takes advantage of the Windows Search Tool to conduct its malicious activities. The Windows Search Tool is a service that is automatically started in the Microsoft Windows operating system. When activated, it indexes the files on the system to provide faster searches for the user. The ransomware leverages this service to quickly scan through the computer's hard drives for files that it can encrypt.
Once the files have been identified, Mimic ransomware encrypts them using the popular RSA-4096 encryption algorithm. When the encryption process is complete, the ransomware displays a message on the victim's desktop that includes the ransom demand and instructions for paying it.
Unfortunately, like other forms of ransomware, Mimic is difficult to recover from once it has been installed and activated. Therefore, if you believe your system has been infected by Mimic ransomware, it is important to take the necessary steps to protect yourself against potential attacks. This includes ensuring that you have a backup system in place, installing and regularly updating antivirus software, and encrypting sensitive data.
It is also important to stay informed about the latest security threats and have a plan in place to protect your data in the event of a ransomware attack. With the right prevention tactics and secure networking practices, you can minimize the chances of your data falling into the hands of cybercriminals.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 26 Jan 2023 20:23:03 +0000