• This devious ransomware hijacks the Windows Everything search tool

    From TechnologyDaily@1337:1/100 to All on Fri Jan 27 13:15:03 2023
    This devious ransomware hijacks the Windows Everything search tool

    Date:
    Fri, 27 Jan 2023 13:04:20 +0000

    Description:
    This sneaky ransomware is using Windows Everything to deploy an even more efficient attack, so be on your guard.

    FULL STORY ======================================================================

    Cybersecurity company Trend Micro has uncovered details of a new type of ransomware it found targeting the Windows Everything search tool to attack English and Russian-speaking Windows users.

    The malware was first observed back in June 2022, and has been deleting shadow copies, terminating multiple applications and services, and abusing Everything32.dll functions to query target files that are to be encrypted.

    The researchers also found that some of the code is shared with the notorious Conti ransomware, which was leaked in early 2022 after a host of high-profile attacks.

    Mimic Windows Everything

    Trend Micro has given the ransomware the name Mimic, which it says is based on a string it found in its binaries.

    It notes how Mimic arrives at an affected user's computer as an executable (though it's not confirmed if this is via email, a download, etc), which drops multiple binaries and a password-protected archive (disguised as Everything64.dll).

    The findings uncover that the attack is largely made up of legitimate files; however, one file contains the malicious payloads.

    Trend Micro says this combination of multiple running threads and the way it abuses Everything's APIs allows it to run with minimal resource usage, resulting in a more efficient execution and attack.

    The solution? As ever, the company reckons a multilayered approach will provide the best security, including applying data protection, backup, and recovery measures, conducting regular vulnerability assessments, and patching systems as soon as security updates become available.

    There's also a whole range of software designed to prevent and deal with attacks on personal and business computers for an additional layer of protection.



    ======================================================================
    Link to news story: https://www.techradar.com/news/this-devious-ransomware-hijacks-the-windows-everything-search-tool


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)