Windows Explorer Used by Mailto Ransomware to Evade Detection

silversurfer

A newly discovered Mailto (NetWalker) ransomware strain can inject malicious code into the Windows Explorer process so that the malware can evade detection.

While this ransomware, first spotted in August 2019, is known as Mailto based on the extension it appends to all encrypted files, according to the analysis of one of its decryptors the ransomware's authors dubbed it NetWalker.

Following an attack disclosed in early February, Mailto is not only targeting home users but also attempting to compromise enterprise networks and encrypt all of the Windows devices connected to them.

While there are a lot of malware families that use process hollowing to create a process in a suspended state and then unmap and replace its memory with malicious code, the operators behind the Mailto ransomware use a different method of achieving the same result, as Quick Heal found.
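The post above describes the classic process-hollowing sequence (spawn a process suspended, unmap its image, write the payload, redirect the thread, resume). As an added example, not taken from the post, from Quick Heal or from any Mailto sample, here is a small detector that looks for that exact API chain in a sandbox-style API trace. The trace format (dicts with `pid`, `api`, `target_pid`, `flags`), the hypothetical `detect_hollowing` function and the sample events are all constructed for illustration; only `CREATE_SUSPENDED` is a real documented Win32 constant.

```python
"""Detect the process-hollowing API chain in a constructed API trace.

The chain matched here is the one the post describes:
  CreateProcess(..., CREATE_SUSPENDED) -> NtUnmapViewOfSection
  -> WriteProcessMemory -> SetThreadContext -> ResumeThread
all issued by one caller against the same newly created target process.
The event format is a constructed simplification of what a sandbox or
EDR API monitor might emit; it is not a real product's schema.
"""

# Real Win32 dwCreationFlags value for CreateProcess (documented constant).
CREATE_SUSPENDED = 0x00000004

# Steps expected after the suspended CreateProcess, in order. Unrelated
# calls (VirtualAllocEx, NtQueryInformationProcess, ...) may be interleaved.
HOLLOW_CHAIN = (
    "NtUnmapViewOfSection",
    "WriteProcessMemory",
    "SetThreadContext",
    "ResumeThread",
)


def detect_hollowing(events):
    """Return sorted (caller_pid, target_pid) pairs that completed the chain.

    events: iterable of dicts with keys 'pid' (caller), 'api', 'target_pid'
    and, for CreateProcess, 'flags' (dwCreationFlags). Hypothetical format.
    """
    progress = {}   # (caller, target) -> index of next expected chain step
    hits = set()

    for ev in events:
        key = (ev["pid"], ev["target_pid"])
        api = ev["api"]

        if api == "CreateProcess":
            # Only a suspended creation starts tracking; a normal start
            # followed by memory writes (e.g. a debugger) is not hollowing.
            if ev.get("flags", 0) & CREATE_SUSPENDED:
                progress[key] = 0
            else:
                progress.pop(key, None)
            continue

        if key not in progress:
            continue

        step = progress[key]
        if api == HOLLOW_CHAIN[step]:
            step += 1
            if step == len(HOLLOW_CHAIN):
                hits.add(key)
                del progress[key]
            else:
                progress[key] = step
        elif api == "ResumeThread":
            # Resumed before the image was replaced: the original image
            # runs, so this creation is no longer a hollowing candidate.
            del progress[key]

    return sorted(hits)


# Constructed sample trace: one benign suspended start, one hollowing
# sequence with an interleaved unrelated call, and one non-suspended start.
SAMPLE_TRACE = [
    {"pid": 1000, "api": "CreateProcess", "target_pid": 2000, "flags": CREATE_SUSPENDED},
    {"pid": 1000, "api": "ResumeThread", "target_pid": 2000},
    {"pid": 4242, "api": "CreateProcess", "target_pid": 5151, "flags": CREATE_SUSPENDED},
    {"pid": 4242, "api": "NtUnmapViewOfSection", "target_pid": 5151},
    {"pid": 4242, "api": "VirtualAllocEx", "target_pid": 5151},
    {"pid": 4242, "api": "WriteProcessMemory", "target_pid": 5151},
    {"pid": 4242, "api": "SetThreadContext", "target_pid": 5151},
    {"pid": 4242, "api": "ResumeThread", "target_pid": 5151},
    {"pid": 777, "api": "CreateProcess", "target_pid": 888, "flags": 0},
    {"pid": 777, "api": "WriteProcessMemory", "target_pid": 888},
]

if __name__ == "__main__":
    print(detect_hollowing(SAMPLE_TRACE))  # [(4242, 5151)]
```

Two caveats for anyone adapting this: some hollowing implementations skip `NtUnmapViewOfSection` and simply overwrite the mapped image, so a production rule should treat the unmap step as optional, and an injector that targets an already running process (which is what the post says Mailto does, without naming the exact calls) never issues the suspended `CreateProcess` at all and needs a separate rule, typically keyed on cross-process memory writes and remote thread creation into an existing process such as explorer.exe.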