Ransomware Exploits Everything Windows Search Tool: How To Avoid It?

Don't install apps from shady websites!

Microsoft Spots A TikTok Bug That Could Compromise Your Private Videos
Image: Wordpress library

Ransomware attacks are most brutal because they encrypt all your system files and put a bold note asking for ransom, which is not even feasible for a normal user. Researchers at Trend Micro have found one such ransomware trace that disguises itself as a crucial installation file in the Everything app setup.

It then latches on to the search functionality of the app and uses it to find and encrypt all the files on the target system. Once done, it becomes next or impossible to remove this app, and if it happens on your office computer, you will have to bow down to the attacker’s demand.

How does the new ransomware affect Everything app users?

Everything app can scan and display all the files present in your system. The ransomware uses that feature to locate all the files on your system. Moreover, it takes control to perform the following tasks:

  • Collecting system information
  • Bypassing User Account Control (UAC)
  • Disabling Windows Defender
  • Disabling Windows telemetry
  • Activating anti-shutdown measures
  • Activating anti-kill measures
  • Unmounting virtual drives
  • Terminating processes and services
  • Disabling sleep mode and shutdown of the system
  • Removing indicators
  • Preventing system recovery

It specifically targets Russian and English-speaking users. By getting hold of a bunch of core features to modify system behavior, it can gain complete control of the user’s system. If you fail to comply with the demands, you may lose all your system files.

But how to check if the Everything app is safe? Researchers shared that attackers usually send the infected program download links via email. Users download and run the executable without scanning it and end up with ransomware on their system.

Image: Trend Micro

A great way to avoid this is by using the Windows 11 sandbox feature. You can download and run any program or app in the Sandbox and test it out. If the defender flags it as potential malware, remove the file from your system. Always use the official website to download a third-party app and check reports for any recent malware attacks.

Abhishek Mishra

Abhishek Mishra

I love exploring technology and devote my time to curating detailed posts and supplying credible information to inquisitive users. I wish I had some spare time to play a few RPGs or clean my desk.
More From Fossbytes

Latest On Fossbytes

Find your dream job