Blog | G5 Cyber Security

Windows Explorer Used by Mailto Ransomware to Evade Detection

A newly discovered Mailto (NetWalker) ransomware strain can inject malicious code into the Windows Explorer process so that the malware can evade detection. The ransomware targets not only home users but also attempts to compromise enterprise networks and encrypt all of the Windows devices connected to them. The malware gains persistence on the compromised device by adding a registry Run entry, and it deletes system shadow copies to prevent victims from restoring their data after encryption. It is not yet known whether there are any weaknesses in its encryption algorithm that could be used to decrypt locked files for free.
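For defenders, the behaviours described above suggest a correlation to hunt for: explorer.exe itself writing a Run value, and explorer.exe launching a shadow-copy deletion command. The Python below is an added example, not code from the article; the event field names, the sample events and the shadow-deletion command lines (vssadmin, wmic) are assumptions, since the article does not name the command used.

```python
import re

# Assumption: common shadow-copy deletion tooling; the article does not name the command.
SHADOW_DELETE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I)
# Per-user and per-machine Run keys; the value name follows the final backslash.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$", re.I)

def is_explorer(path):
    """True when the executable's file name is explorer.exe, whatever its directory."""
    return path.lower().rsplit("\\", 1)[-1] == "explorer.exe"

def detect(events):
    """Return {host: sorted findings} for actions performed by explorer.exe itself."""
    found = {}
    for ev in events:
        if ev["type"] == "registry_set":
            hit = is_explorer(ev["image"]) and RUN_KEY.search(ev["target"])
            label = "run_key_persistence"
        elif ev["type"] == "process_create":
            hit = is_explorer(ev["parent"]) and SHADOW_DELETE.search(ev["cmdline"])
            label = "shadow_copy_deletion"
        else:
            continue
        if hit:
            found.setdefault(ev["host"], set()).add(label)
    return {host: sorted(labels) for host, labels in found.items()}

def high_confidence(found):
    """Hosts where explorer.exe showed both persistence and shadow-copy deletion."""
    both = {"run_key_persistence", "shadow_copy_deletion"}
    return sorted(h for h, labels in found.items() if both <= set(labels))

EXPLORER = r"C:\Windows\explorer.exe"
RUN = r"\Software\Microsoft\Windows\CurrentVersion\Run"
# Constructed sample events in a simplified, hypothetical schema (not real telemetry).
SAMPLE = [
    {"host": "WS01", "type": "registry_set", "image": EXPLORER, "target": r"HKU\S-1-5-21-0-0-0-1001" + RUN + r"\a1b2c3d4"},
    {"host": "WS01", "type": "process_create", "parent": EXPLORER, "cmdline": r"C:\Windows\System32\vssadmin.exe delete shadows /all /quiet"},
    {"host": "WS02", "type": "process_create", "parent": EXPLORER, "cmdline": r"C:\Windows\System32\notepad.exe"},
    {"host": "WS02", "type": "registry_set", "image": r"C:\Program Files\Vendor\updater.exe", "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorUpdater"},
    {"host": "WS03", "type": "process_create", "parent": r"C:\Windows\System32\cmd.exe", "cmdline": "vssadmin list shadows"},
    {"host": "WS04", "type": "process_create", "parent": EXPLORER, "cmdline": "wmic shadowcopy delete"},
]

if __name__ == "__main__":
    print(detect(SAMPLE), high_confidence(detect(SAMPLE)))
```

The rule is deliberately narrow: the same actions performed by any other process are out of its scope and need their own detections.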

Source: https://www.bleepingcomputer.com/news/security/windows-explorer-used-by-mailto-ransomware-to-evade-detection/
