A new ransomware bypass technique called RIPlace requires only a few lines of code to bypass ransomware protection features built into many security products and Windows 10. RIPlace works by using the DefineDosDevice function to create a DOS device, such as \.RIPlace, that links to the file being encrypted. This DOS device is then passed as the target path for a Rename function, and as a. DOS device name are not expected, it returns an error, but the Rename call succeeds.
Source: https://www.bleepingcomputer.com/news/security/new-riplace-bypass-evades-windows-10-av-ransomware-protection/