Andra Zaharia

From Heimdal
Verified
As we feared in yesterday’s alert, another ransomware variant, known as Uiwix, has begun to spread by exploiting the same vulnerability in Windows SMBv1 and SMBv2 as WannaCry used. Cyber criminals are quick to incorporate vulnerabilities, especially when they have the potential to infect a large number of targets like the EternalBlue exploit has.

As expected, this strain does not include a killswitch domain, like WannaCry did.

We reckon that this is the first of many variants to follow, which will aim to exploit this vulnerability and infect as many devices as possible until the necessary patch is applied. Uiwix also has self-replicating capabilities, as WannaCry did.
 

Solarquest

Moderator
Verified
Staff member
Malware Hunter
Thank you for the update!
What is the VT detection of Uiwix?
Do you have the SHA?
Thank you
 

Peter2150

Level 7
Verified
Hi Andra

Just a heads up. That Microsoft scanner mentioned in one of your alerts is not reliable. I scanned my Win 7 system, as over the years I have hidden many updates. The scanner found all of them and reported them. I wasn't surprised. So I went into Windows Update and used the restore hidden updates option. That found none. Since I've done several of the rollup updates, my system reports it is up to date. It would appear that the rollup updates clean stuff out. Makes that Microsoft tool of dubious value.

Pete
 

jamescv7

Level 85
Verified
Trusted
The possible killswitch is not on the ransomware but through the worm itself, as it will spread through the network.

Very clever to see that ransomware is packed to target security holes rather than the usual execution, and unfortunately many systems are not up to date or even migrating to Linux for a long-term safe environment.
 