A new Windows ransomware strain has been discovered that can quickly encrypt your files by using a well-known third-party search tool.

Initially discovered in June of 2022, the ransomware strain has been given the name Mimic, which is based on the binaries found by the researchers at Trend Micro. It is reportedly targeting English- and Russian-speaking users.


Moreover, it’s been found that the code used in Mimic is similar to that of the Conti ransomware. The researchers were able to compare the code after Conti’s source code was leaked in March 2022.

The Mimic ransomware is being rolled out via executable files (.exe) that are sent to users via email. Once an unsuspecting victim opens the file, it extracts the malicious payload together with tools that are tasked with disabling Windows Defender.

What’s alarming is that this ransomware acts really fast, as it can use multiple processor threads and command-line arguments that help it narrow down file targeting.

To make it even faster and more efficient compared to other ransomware strains, it uses the “Everything” search tool to help locate files and hold them hostage.

“Everything” was developed by Voidtools and is said to be much faster and more efficient than Windows Search.


Once done, the encrypted files will get a “.QUIETPLACE” extension. Plus, users will see a “Decrypt_me.txt” that’s essentially a ransom note from the attackers that orders the victim to pay them in Bitcoin to regain access to the files.

But if the victim doesn’t want to pay for everything, the note also says that they can pay USD1.00 per 1 file.
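The two artifacts named above (the “.QUIETPLACE” extension and the “Decrypt_me.txt” note) can be used to check how far an infection has spread on a disk. The following sweep is an added example, not code from the original article or from Trend Micro; the function names are hypothetical and the sample directory tree is constructed for the demonstration.

```python
import os
import tempfile

# Indicators taken from the article. Matching is case-insensitive because
# Windows file systems are.
ENCRYPTED_EXT = ".quietplace"
RANSOM_NOTE = "decrypt_me.txt"

def scan_for_mimic(root):
    """Return {directory: {"encrypted": n, "total": n, "note": bool}} for
    every directory under `root` that shows at least one indicator."""
    hits = {}
    # onerror: skip unreadable directories instead of aborting the sweep
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        lowered = [name.lower() for name in files]
        encrypted = sum(1 for name in lowered if name.endswith(ENCRYPTED_EXT))
        note = RANSOM_NOTE in lowered
        if encrypted or note:
            hits[dirpath] = {"encrypted": encrypted, "total": len(files), "note": note}
    return hits

def summarize(hits):
    """Collapse the per-directory hits into totals for quick triage."""
    return {
        "directories_affected": len(hits),
        "encrypted_files": sum(h["encrypted"] for h in hits.values()),
        "ransom_notes": sum(1 for h in hits.values() if h["note"]),
    }

def build_sample_tree(base):
    """Constructed sample data: empty files that only carry the names."""
    layout = {
        "Documents": ["report.docx.QUIETPLACE", "budget.xlsx.quietplace", "Decrypt_me.txt"],
        "Pictures": ["holiday.jpg", "cat.png"],
        os.path.join("Documents", "Old"): ["notes.txt.QUIETPLACE"],
    }
    for rel, names in layout.items():
        os.makedirs(os.path.join(base, rel), exist_ok=True)
        for name in names:
            open(os.path.join(base, rel, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        hits = scan_for_mimic(tmp)
        for path, info in sorted(hits.items()):
            print(path, info)
        print(summarize(hits))
```

Directories with renamed files but no note, or a note but few renamed files, show where encryption was still in progress when the machine was isolated.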

To keep you safe from the new Mimic ransomware, all you need to do is follow the golden rule: never open attachments from sketchy or unknown senders.

Via: Tom’s Guide
