Category | Details |
---|---|
Threat Actor/Family | Mimic ransomware family (possibly linked to Conti ransomware). |
First Seen | 2022 |
Ransom Demand | Payment in cryptocurrency for decryption key, typically around $3,000. |
Data Exfiltration | Some variants exfiltrate data before encryption to be used as an additional extortion tactic. |
Target Audience | Primarily targets English and Russian-speaking individuals. |
Abused Legitimate Tools | “Everything” (the Voidtools file-search utility) for fast file enumeration and Sysinternals SDelete (Secure Delete) for wiping. These are legitimate programs misused by the malware, not software vulnerabilities; the vulnerability Mimic exploits is Zerologon (see TTPs). |
Methodology | Uses the legitimate “Everything” search tool to locate target files quickly (speeding up the encryption run), disables Windows Defender, and wipes backups. |
File Extension | Encrypted files are given the extension “.QUIETPLACE”. |
Tactics, Techniques, and Procedures (TTPs) | Abuse of legitimate software for malicious purposes, use of RDP brute-forcing, escalation via Zerologon vulnerability (CVE-2020-1472). |
Noteworthy Characteristics | Abuses the “Everything” tool for fast file location; some variants add a data-leak threat on top of encryption (double extortion). |
New Variant | Elpaco, which gains initial access via RDP brute-force and escalates privileges with Zerologon (CVE-2020-1472). |
Indicators of Compromise (IOCs) | Files with “.QUIETPLACE” extension, ransom note demanding cryptocurrency. |
Source | Tripwire |
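The rows above give enough to sketch a first-pass detection: files taking the “.QUIETPLACE” extension, the Everything and SDelete binaries running from unusual locations, and command lines that disable Defender or delete backups. The following is an added example and is not code from the Tripwire article or from any Mimic analysis. Only the “.QUIETPLACE” extension is taken from the summary; the tool file names (Everything.exe, sdelete.exe, sdelete64.exe), the Program Files allow-list, the Defender and backup-wipe command-line patterns, the five-file threshold, and every sample event are assumptions or constructed data.

```python
"""Triage Sysmon-style events for the Mimic tradecraft summarised above.

Added example, not from the Tripwire article. Only ENCRYPTED_EXT comes from the
summary; tool names, trusted paths, command-line patterns, threshold and the
sample events are assumptions / constructed data.
"""
import re
from collections import Counter
from pathlib import PureWindowsPath

ENCRYPTED_EXT = ".quietplace"  # extension named in the summary (matched case-insensitively)

# Assumption: the usual on-disk names of the two legitimate tools Mimic abuses.
ABUSED_TOOLS = {"everything.exe", "sdelete.exe", "sdelete64.exe"}
# Assumption: a legitimately installed copy of Everything lives under Program Files.
# This is a noise filter for admin installs, not a security boundary.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\")

# Assumption: the summary says Defender is disabled and backups wiped but not how;
# these patterns cover common command lines for each and are not from the article.
DEFENDER_TAMPER = re.compile(
    r"set-mppreference\s.*-disable\w*|disableantispyware|disablerealtimemonitoring", re.I)
BACKUP_WIPE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wbadmin(\.exe)?\s+delete\s+catalog|shadowcopy\s+delete", re.I)
MASS_ENCRYPTION_THRESHOLD = 5  # assumed: this many renamed files from one image = bulk encryption

# Constructed sample telemetry (not real). event_id 1 = process create, 11 = file create.
DROPPER = r"C:\Users\Public\Libraries\payload.exe"  # constructed name, not a Mimic IOC
SAMPLE_EVENTS = [
    {"event_id": 1, "image": r"C:\Program Files\Everything\Everything.exe", "cmdline": "Everything.exe"},
    {"event_id": 1, "image": r"C:\Users\Public\Libraries\Everything.exe", "cmdline": "Everything.exe -startup"},
    {"event_id": 1, "image": r"C:\Users\Public\Libraries\sdelete.exe",
     "cmdline": r"sdelete.exe -accepteula -p 3 -q C:\Users\alice\Documents\report.docx"},
    {"event_id": 1, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"event_id": 1, "image": r"C:\Windows\System32\vssadmin.exe", "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"event_id": 11, "image": r"C:\Windows\explorer.exe", "target": r"C:\Users\alice\Documents\notes.txt"},
] + [
    {"event_id": 11, "image": DROPPER, "target": rf"C:\Users\alice\Documents\file{i}.xlsx.QUIETPLACE"}
    for i in range(6)
]


def triage(events):
    """Return a list of (rule, detail) findings for Sysmon-like event dicts."""
    findings = []
    encrypted_by_image = Counter()
    for ev in events:
        if ev["event_id"] == 1:
            image = ev["image"]
            name = PureWindowsPath(image).name.lower()
            if name in ABUSED_TOOLS and not image.lower().startswith(TRUSTED_PREFIXES):
                findings.append(("abused_tool", f"{name} launched from {image}"))
            cmd = ev.get("cmdline", "")
            if DEFENDER_TAMPER.search(cmd):
                findings.append(("defender_tamper", cmd))
            if BACKUP_WIPE.search(cmd):
                findings.append(("backup_wipe", cmd))
        elif ev["event_id"] == 11:
            target = ev["target"]
            if target.lower().endswith(ENCRYPTED_EXT):
                findings.append(("encrypted_file", target))
                encrypted_by_image[ev["image"]] += 1
    # Many renamed files from one process is the strongest single signal here.
    for image, n in encrypted_by_image.items():
        if n >= MASS_ENCRYPTION_THRESHOLD:
            findings.append(("mass_encryption", f"{image} wrote {n} {ENCRYPTED_EXT} files"))
    return findings


def rules_fired(findings):
    """Count how often each rule fired, for a quick triage summary."""
    return Counter(rule for rule, _ in findings)


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_EVENTS):
        print(f"{rule:17} {detail}")
```

The Program Files allow-list is deliberately narrow: an intruder with admin rights can drop Everything.exe there too, so the rule only suppresses the obvious benign installs and the mass-rename count carries the weight. The Defender and backup patterns are generic to many ransomware families and should be tuned against your own administrative baselines before alerting on them.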
Read full article: https://www.tripwire.com/state-of-security/mimic-ransomware-what-you-need-know
Disclaimer: The above summary has been generated by an AI language model