Security Alert: Uiwix Ransomware Is Here and It Can Be Worse Than Wannacry

Andra Zaharia

From Heimdal
Thread author
Verified
Jun 29, 2015
104
As we feared in yesterday’s alert, another ransomware variant, known as Uiwix, has begun to spread by exploiting the same vulnerability in Windows SMBv1 and SMBv2 as WannaCry used. Cyber criminals are quick to incorporate vulnerabilities, especially when they have the potential to infect a large number of targets like the EternalBlue exploit has.

As expected, this strain does not include a killswitch domain, like WannaCry did.

We reckon that this is the first of many variants to follow, which will aim to exploit this vulnerability and infect as many devices as possible until the necessary patch is applied. Uiwix also has self-replicating capabilities, as WannaCry did.
 

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
The ransomware's business is huge: it probably may have reached a billion dollars. The "probably" is caused by the fact that not all the affected users denounce what has happened and often they pay out without informing the authorities.
 

Solarquest

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
As we feared in yesterday’s alert, another ransomware variant, known as Uiwix, has begun to spread by exploiting the same vulnerability in Windows SMBv1 and SMBv2 as WannaCry used. Cyber criminals are quick to incorporate vulnerabilities, especially when they have the potential to infect a large number of targets like the EternalBlue exploit has.

As expected, this strain does not include a killswitch domain, like WannaCry did.

We reckon that this is the first of many variants to follow, which will aim to exploit this vulnerability and infect as many devices as possible until the necessary patch is applied. Uiwix also has self-replicating capabilities, as WannaCry did.

Thank you for the update!
What is VT detection of Uiwix?
Do you have the SHA?
Thank you
 
Reactions: vemn and harlan4096

Peter2150

Level 7
Verified
Oct 24, 2015
280
Hi Andra

Just a heads up. That Microsoft scanner mentioned in one of your alerts is not reliable. I scanned my Win 7 system, as over the years I have hidden many updates. The scanner found all of them and reported them. I wasn't surprised. So I went into Windows updates, and used the restore hidden updates. That found none. Since I've done several of the rollup updates, my system reports it is up to date. It would appear that the rollup updates clean stuff out. Makes that Microsoft tool of dubious value.

Pete
 
Reactions: vemn

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
The possible killswitch is not on the ransomware but through the worm itself, as it will spread through the network.

Very clever to see that ransomware is packed to target security holes rather than the usual execution, and unfortunately many systems are not up to date or even migrating to Linux for a long-term safe environment.
 
Reactions: vemn
