Friday, December 13, 2024

Is Mimic Ransomware a Growing Threat?

Mimic ransomware is a highly destructive and stealthy malware that has been wreaking havoc on computer systems worldwide. Here’s what you need to know about this insidious cyber threat:

* Origins: Mimic ransomware emerged in 2020, with the first detected cases in Europe.
* Modus Operandi: The attackers use phishing emails or drive-by downloads to infect victims’ devices. Once inside, the malware encrypts files and demands a hefty ransom payment in cryptocurrency.

What are the key features of Mimic Ransomware?

* High-level encryption: Mimic uses advanced encryption algorithms to render files unusable.
* Stealthy deployment: Attackers use compromised networks or stolen credentials to spread the malware undetected.
* Targeted attacks: Mimic focuses on specific industries, such as healthcare and finance.

How can you protect yourself from Mimic Ransomware?

* Educate employees: Conduct regular cybersecurity training for staff members so they can recognise phishing scams.
* Keep software up to date: Ensure all operating systems, apps, and browsers are patched with the latest security updates.
* Back up data: Regularly back up critical files to an external drive or a cloud storage service.

What if you’re already a victim of Mimic Ransomware?

* Don’t pay the ransom: There’s no guarantee that attackers will restore access to your files.
* Contact authorities: Report the incident to local law enforcement and your organization’s IT department.
* Restore from backups: If available, use backup data to recover your system.

The Mimic malware family has been identified as a type of ransomware, first detected in the wild in 2022. With numerous ransomware attacks on the rise, Mimic typically holds victims’ data hostage, demanding a hefty ransom payment in cryptocurrency to restore access.

Some variants of Mimic malware can steal sensitive information from a user’s computer before encryption takes place, and cybercriminals then use that data as leverage. The pilfered data may be used to extort victims by threatening to release it publicly or sell it on the dark web.

The Mimic malware reuses code from the notorious Conti ransomware, a tool used by the Conti gang to assist Russia’s invasion of Ukraine. Although it’s challenging to pinpoint the exact origin of Mimic, its language patterns suggest a primary focus on English and Russian speakers.

Unique to Mimic is its abuse of the Application Programming Interface (API) of a genuine Windows file search tool, “Everything” by Voidtools, enabling rapid discovery of the files it targets for encryption.

Unfortunately, the Mimic ransomware does not require the Everything app to be installed on your computer in order to function. The ransomware often arrives bundled with other malware, including components designed to neutralize Windows Defender and to abuse Sysinternals’ Secure Delete (SDelete) utility, which is used to erase backups and thereby impede restoration efforts.

There isn’t much that Voidtools can do about this. The Everything app isn’t inherently flawed; rather, it’s being abused by the ransomware to greatly accelerate the encryption process. Secure Delete (SDelete), a legitimate Sysinternals utility, has been hijacked to clandestinely delete backup archives, compromising the integrity of stored information.

Files encrypted by the Mimic ransomware are typically appended with the “.QUIETPLACE” file extension. To quickly determine whether you have files with that extension on your computer, you can use a tool like Everything. Mimic demands a ransom payment, threatening to release sensitive information unless it is paid US$3,000 worth of cryptocurrency.
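As an added example (not code from the original post), the following Python script does what the paragraph suggests from a responder’s side: it walks a directory tree for files carrying the .QUIETPLACE extension and summarises the hits per directory, together with the earliest and latest modification times, which bound when the encryption run took place. The sample tree it builds is constructed purely for the demonstration.

```python
"""Find files carrying Mimic's .QUIETPLACE extension and summarise them."""
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

ENCRYPTED_EXT = ".QUIETPLACE"  # extension the page reports Mimic appending


def find_encrypted_files(root):
    """Return every path under root whose name ends with .QUIETPLACE (case-insensitive)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.upper().endswith(ENCRYPTED_EXT):
                hits.append(os.path.join(dirpath, name))
    return hits


def summarise(hits):
    """Count hits per directory and report the earliest/latest modification
    time (UTC ISO 8601), which brackets the encryption run for the timeline."""
    if not hits:
        return {"count": 0, "per_dir": {}, "first": None, "last": None}
    mtimes = [os.path.getmtime(p) for p in hits]
    per_dir = Counter(os.path.dirname(p) for p in hits)

    def fmt(t):
        return datetime.fromtimestamp(t, timezone.utc).isoformat()

    return {"count": len(hits), "per_dir": dict(per_dir),
            "first": fmt(min(mtimes)), "last": fmt(max(mtimes))}


def build_sample_tree():
    """Constructed sample: a temp tree with two 'encrypted' files and one clean file."""
    root = tempfile.mkdtemp(prefix="mimic_demo_")
    os.makedirs(os.path.join(root, "docs"))
    for rel in ("docs/report.docx.QUIETPLACE", "docs/budget.xlsx.QUIETPLACE", "readme.txt"):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("constructed sample content\n")
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    report = summarise(find_encrypted_files(root))
    print(f"{report['count']} encrypted file(s) found under {root}")
    for directory, n in report["per_dir"].items():
        print(f"  {n:4d}  {directory}")
    print(f"earliest: {report['first']}  latest: {report['last']}")
```

Run it against a real share or user profile by passing that path to find_encrypted_files in place of the sample tree; the per-directory counts show which areas the encryption reached.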

A newly discovered variant of Mimic, dubbed Elpaco, has emerged, with attackers infiltrating systems via Remote Desktop Protocol (RDP) after brute-forcing login credentials. According to security researchers, the attackers then exploited vulnerabilities that enabled them to escalate their privileges.

Researchers have obtained reports of Mimic’s Elpaco variant from both Russia and South Korea.

Here are measures that may help prevent a ransomware infection from succeeding in your organization:

