Ransomware Attack Vector

[gablearcade]

A Neowin article dated 1/26/23 has listed Everything as being an attack vector for Mimic ransomware according to Trend Micro. See article: https://www.neowin.net/news/new-ransomw ... verything/

I like the program with the speed it gets the information I need from my system. I have been using the program for several months, evaluating its use for deployment, however I can't do that with the propensity of users to click on links they should not. I can't risk compromising our network systems by some idiot that needs to check out some link to a "package" that can't be delivered.

As this article is three months old, has this issue been reported, and is there any movement of fixing the issue?

[therube]

FYI:New Mimic ransomware abuses ‘Everything’ Windows search tool

Also note that the malware is not "using" the Everything you have on your computer, but rather using Everything functionality in its' malware which happens to include Everything.dll [which is available to all]. And even if Everything.dll were not available or didn't even exist, there are other means to the same end, just not as efficient.

[gablearcade]

Thanks. I tried looking through the General forum, but it appears I did not go back far enough. Glad to see the issue has already been noted. Hopefully a way to block the ransomware can be found.

[ChrisGreaves]

FYI:New Mimic ransomware abuses ‘Everything’ Windows search tool

I note too that "Mimic ransomware attacks begin with the victim receiving an executable, presumably via email, ..." which in human terms means that the ransomware targets people who click on an executable that they receive by email.
That is, the target is humans who blindly click on anything that "might be interesting"

Cheers, Chris

[void]

Everything is not being used as an attack vector.

The attacker is installing Everything on an already infected PC.