A cybercriminal operating under the handle “mr. Guram,” affiliated with the notorious “Ramp” group, has launched Mimic v.10, a new Ransomware-as-a-Service (RaaS) program through which affiliates and Initial Access Brokers (IABs) can deploy the ransomware and extort victims. The payload targets Windows, VMware ESXi, NAS (Network-Attached Storage) and FreeBSD systems, which makes it a threat to enterprises and individuals alike.

Before encrypting, Mimic v.10 deletes Volume Shadow Copies and OS restore points so that the victim cannot roll back locally. Files are encrypted with ChaCha20 and RSA-4096; in a hybrid scheme of this kind the symmetric file keys are protected with the attacker's RSA public key, so decryption without the corresponding private key is computationally infeasible and the victim is pushed toward paying. The ransomware also steals network passwords, bypasses User Account Control (UAC), and removes forensic traces once encryption is complete. Its multi-threaded encryption is configurable by the affiliate, who can prioritise particular file types and tune the encryption speed to balance impact against the chance of being noticed mid-run.

The RaaS offering bundles additional “services”: phone calls to victims to push negotiations, cracking of captured NTLM and Kerberos hashes (password hashes are brute-forced, not decrypted, despite the seller's wording), and infrastructure support for large-scale campaigns. Affiliates must remain active in the program or their accounts are banned.

Mimic was first detected in June 2022 and is believed to be built on the leaked Conti ransomware source code. The initial wave of v.10 attacks has focused on India, hitting both businesses and individuals. The decryption service is priced at $800 per victim ID, and communication with victims is handled via Tox, Telegram and email.

Security experts warn that the RaaS model will likely drive a global increase in attacks. Organisations should harden their defences, keep tested backups that are offline or immutable (on-host shadow copies are exactly what this ransomware destroys first), monitor for recovery-inhibition and log-clearing behaviour on endpoints, and deploy endpoint detection and response tooling to reduce the risk from Mimic v.10 and similar ransomware.
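The article says Mimic v.10 deletes shadow copies and restore points and then erases forensic traces. The detection below is an added example written for this page, not code from the article or from any Mimic sample: it runs a small rule set over constructed Sysmon-style process-creation events and flags the common recovery-inhibition and log-clearing commands (vssadmin, wmic, wbadmin, bcdedit, PowerShell WMI deletion, wevtutil). The article does not document which exact commands Mimic issues, so treating these generic ransomware patterns as Mimic's is an assumption; the events, paths and PIDs are made up. The grouping step shows the tuning point a practitioner cares about: one `vssadmin delete shadows` can be an administrator, several distinct rules firing from the same parent process is the ransomware pattern.

```python
"""Flag process-creation events whose command line inhibits system recovery
or clears evidence, the behaviour the article attributes to Mimic v.10.

Added example, not code from the article or from any Mimic sample.  All
events below are constructed Sysmon-style (Event ID 1) records, not real
telemetry.  The command-line patterns are generic ransomware tradecraft
(MITRE ATT&CK T1490 Inhibit System Recovery, T1070.001 Clear Windows Event
Logs); the article does not document Mimic's exact commands, so assuming
it uses these is an assumption.
"""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    pid: int
    image: str          # process binary
    parent_image: str   # process that spawned it
    command_line: str


# (rule name, regex applied to the lower-cased command line)
RULES = [
    ("vssadmin_delete_shadows",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b")),
    ("vssadmin_resize_shadowstorage",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bresize\b.*\bshadowstorage\b")),
    ("wmic_shadowcopy_delete",
     re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b")),
    ("wbadmin_delete_backup",
     re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\b.*\b(catalog|systemstatebackup)\b")),
    ("bcdedit_disable_recovery",
     re.compile(r"\bbcdedit(\.exe)?\b.*(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)")),
    ("powershell_remove_shadowcopy",
     re.compile(r"win32_shadowcopy.*(remove-wmiobject|remove-ciminstance|\.delete\(\))")),
    ("wevtutil_clear_log",
     re.compile(r"\bwevtutil(\.exe)?\b.*\b(cl|clear-log)\b")),
]


def detect(events):
    """Return (pid, rule, command_line) for every event matching a rule.

    Matching is done on the lower-cased command line so that case variation
    ("Delete Shadows" vs "delete shadows") does not evade the rule.
    """
    hits = []
    for ev in events:
        cmd = ev.command_line.lower()
        for name, pattern in RULES:
            if pattern.search(cmd):
                hits.append((ev.pid, name, ev.command_line))
                break  # one alert per event
    return hits


def rules_by_parent(events, hits):
    """Map each parent image to the set of distinct rules its children hit.

    A lone 'vssadmin delete shadows' can be an administrator reclaiming disk
    space; several different recovery-inhibition commands spawned by one
    parent is the ransomware pattern worth paging on.
    """
    parent_of = {ev.pid: ev.parent_image for ev in events}
    grouped = defaultdict(set)
    for pid, rule, _ in hits:
        grouped[parent_of[pid]].add(rule)
    return dict(grouped)


SAMPLE_EVENTS = [  # constructed for this example; not real logs
    Event(4120, r"C:\Windows\System32\vssadmin.exe", r"C:\Users\Public\payload.exe",
          "vssadmin.exe Delete Shadows /All /Quiet"),
    Event(4121, r"C:\Windows\System32\wbem\WMIC.exe", r"C:\Users\Public\payload.exe",
          "wmic.exe shadowcopy delete /nointeractive"),
    Event(4122, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          r"C:\Users\Public\payload.exe",
          'powershell -nop -c "Get-WmiObject Win32_ShadowCopy | ForEach-Object { $_.Delete() }"'),
    Event(4123, r"C:\Windows\System32\wevtutil.exe", r"C:\Users\Public\payload.exe",
          "wevtutil cl Security"),
    Event(4124, r"C:\Windows\System32\bcdedit.exe", r"C:\Windows\System32\cmd.exe",
          "bcdedit /set {default} recoveryenabled No"),
    Event(4125, r"C:\Windows\System32\wbadmin.exe", r"C:\Windows\System32\cmd.exe",
          "wbadmin DELETE CATALOG -quiet"),
    # Benign look-alikes: listing shadow copies, and the keywords without the tool.
    Event(5001, r"C:\Windows\System32\vssadmin.exe", r"C:\Windows\System32\cmd.exe",
          "vssadmin list shadows"),
    Event(5002, r"C:\Windows\System32\cmd.exe", r"C:\Windows\explorer.exe",
          "cmd.exe /c echo please delete the old shadows"),
]


if __name__ == "__main__":
    hits = detect(SAMPLE_EVENTS)
    for pid, rule, cmd in hits:
        print(f"ALERT pid={pid} rule={rule} cmd={cmd}")
    for parent, rules in rules_by_parent(SAMPLE_EVENTS, hits).items():
        severity = "HIGH" if len(rules) >= 2 else "LOW"
        print(f"{severity} {parent}: {sorted(rules)}")
```

On the constructed sample the two benign events produce no alert, the six malicious ones each hit exactly one rule, and the grouping shows four distinct rules under the hypothetical payload.exe parent. In production the same logic sits on Sysmon Event ID 1 or Windows Security 4688 (with command-line auditing enabled); the regexes deliberately key on the tool name plus the destructive verb rather than on a single token, which keeps `vssadmin list shadows` and backup-agent housekeeping out of the alert stream.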

Information security specialist, currently working as a risk infrastructure specialist and investigator.
15 years of experience in risk and control processes, security audit support, business continuity design and support, workgroup management, and information security standards.