A new strain of ransomware named Mimic, first observed in June 2022, has recently been documented by security researchers at Trend Micro. Mimic abuses the APIs of ‘Everything’, a file search tool for Windows, to locate the files it encrypts.
Users who speak English or Russian appear to be the main targets of the malware. Parts of Mimic’s code resemble code found in Conti, whose source was leaked to a Ukrainian researcher in March 2022.
Mimic is a sophisticated piece of malware with a range of capabilities, including deleting shadow copies, shutting down various applications and services, and using the Everything32[.]dll functions to identify files for encryption.
The initial stage of a Mimic ransomware attack involves the victim receiving an executable, most likely via email. On the target system, the executable extracts a total of four files, which include:
Mimic is a highly adaptable strain of ransomware: it can target specific files via command-line arguments, and it encrypts data faster by using multiple processor threads.
Here below we have mentioned the components of Mimic:-
The new ransomware family shares several capabilities with other modern ransomware strains.
Here below we have mentioned all the capabilities of the Mimic ransomware:-
Mimic ransomware shuts down processes and services to remove security barriers and gain access to crucial data.
Mimic uses the search function of ‘Everything’ through the ‘Everything32[.]dll’ file dropped during the initial infection, scanning the infected system for specific file names and types.
The use of ‘Everything’ allows Mimic to identify files that are suitable for encryption, without risking the locking of system files that could cause the system to become unbootable.
Mimic enumerates every file on the system, selecting those suitable for encryption and skipping any system files whose encryption could prevent the machine from booting.
Here below we have presented the Mimic ransomware config:-
Encrypted files are given the file extension “.QUIETPLACE”.
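As an added example (not from the Trend Micro report or this article), the Python below flags the two behaviours described above in Sysmon-style event records: a process other than the Everything client loading Everything32.dll, and a burst of files written with the .QUIETPLACE extension. The events are constructed sample data, and the process names, paths and burst threshold are assumptions, not indicators from the report.

```python
"""Added example: detect the Mimic behaviours described above in Sysmon-style
events. Sample events, process names, paths and threshold are all constructed."""
from collections import defaultdict

# Constructed sample events, modelled loosely on Sysmon event IDs
# (7 = ImageLoad, 11 = FileCreate). Nothing here is a real capture.
EVENTS = [
    {"id": 7, "pid": 4120, "image": r"C:\Program Files\Everything\Everything.exe",
     "loaded": r"C:\Program Files\Everything\Everything32.dll"},
    {"id": 7, "pid": 5580, "image": r"C:\Users\Public\7za.exe",   # hypothetical dropper path
     "loaded": r"C:\Users\Public\Everything32.dll"},
    {"id": 11, "pid": 5580, "target": r"C:\Users\alice\Documents\q1.xlsx.QUIETPLACE"},
    {"id": 11, "pid": 5580, "target": r"C:\Users\alice\Documents\q2.docx.QUIETPLACE"},
    {"id": 11, "pid": 5580, "target": r"C:\Users\alice\Pictures\a.jpg.QUIETPLACE"},
    {"id": 11, "pid": 7001, "target": r"C:\Users\bob\notes.txt"},
]

EVERYTHING_CLIENT = "everything.exe"   # assumed legitimate host of the DLL
RANSOM_EXT = ".quietplace"             # extension named in the article
BURST_THRESHOLD = 3                    # assumed: renames per PID before alerting


def suspicious_dll_loads(events):
    """PIDs loading Everything32.dll from a process that is not the Everything
    client itself; Mimic drops its own copy of the DLL and loads it directly."""
    hits = set()
    for e in events:
        if e["id"] != 7:
            continue
        dll = e["loaded"].rsplit("\\", 1)[-1].lower()
        proc = e["image"].rsplit("\\", 1)[-1].lower()
        if dll == "everything32.dll" and proc != EVERYTHING_CLIENT:
            hits.add(e["pid"])
    return hits


def ransom_extension_bursts(events, threshold=BURST_THRESHOLD):
    """PIDs that created at least `threshold` files ending in .QUIETPLACE."""
    counts = defaultdict(int)
    for e in events:
        if e["id"] == 11 and e["target"].lower().endswith(RANSOM_EXT):
            counts[e["pid"]] += 1
    return {pid for pid, n in counts.items() if n >= threshold}


def correlate(events):
    """PIDs showing both behaviours, the strongest signal for this family."""
    return suspicious_dll_loads(events) & ransom_extension_bursts(events)


if __name__ == "__main__":
    print("DLL misuse:", suspicious_dll_loads(EVENTS))
    print("Correlated:", correlate(EVENTS))
```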
The perpetrator leaves a message as a ransom note, demanding payment in Bitcoin in exchange for the safe return of the locked data, with instructions on how to proceed with the transaction.
Mimic is a new variant whose behaviour has yet to be fully evaluated. However, its use of the Conti builder and the Everything API shows that its creators have solid software development skills and a clear understanding of their objectives.