Bitcoin Ransomware Education – Uiwix

People who assumed WannaCry was the last ransomware to take advantage of NSA exploits are unfortunately sorely mistaken. A new type of ransomware is already making the rounds and infecting computers all over the world. Uiwix is a very real threat and should be considered as such. Interestingly enough, this ransomware also makes use of the EternalBlue SMB exploit.

Uiwix Ransomware Herald The Next Wave Of Global Attacks

It is anything but surprising to learn new ransomware types are making sue of the leaked NSA tools. Uiwix is no different in this regard, as it uses the exact same vulnerability exploited by the WananCry ransomware. Any victim of the WannaCry attack may want to take the necessary security precautions to avoid getting infected with Uiwix.

What this new type of ransomware does is encrypt computer files and appends its own unique file extension. Victims will also see a ransom note appear on their computer. Several victims have already reported this ransomware to ID-Ransomware in the hopes of getting files decrypted free of charge. So far, that is virtually impossible, as there do not appear to be any samples of this ransomware available to security researchers. It is possible they may need to set up a honeypot server to change that situation.

However, it looks like that situation may come to change very soon. An unrelated ransomware distribution campaign is effectively pushing the EternalBlue SMB exploit into the spotlight. In fact, it is possible the WannaCry attacks may be ultimately responsible for thwarting future attempts at trying to use the exact same exploit. That is, assuming security researchers can come up with a proper solution to fight SMB exploits and decrypt the ransomware in the end.

As most people should be aware of by now, the EternalBlue SMB exploit gives assailants access to vulnerable computers. Even though Microsoft has patched the SMB vulnerability in March of 2017, a lot of computers remain vulnerable to it. This is mainly due to system administrators not performing regular Windows updates, otherwise, the damage done by this exploit would have been a lot smaller. Moreover, some older versions of Windows are no longer supported and will not receive this patch.

Uiwix is distributed in the same manner as WannaCry, which is not surprising by any means. However, the Uiwix developers are apparently scanning for vulnerable computers and using a script to infect these machines. It also appears this ransomware is not written to disk, which is a rather shocking turn of events in the world of ransomware. Having malicious software reside in and operate out of the computer’s memory directly is very troublesome, to say the least.

For the time being, not much is known about Uiwix, other than there not being a free decryption option available right now. Victims are forced to make a Bitcoin payment of $200 if they want to have their files decrypted. No one would be surprised if a few dozen new types of ransomware come to market using the same EternalBlue exploit in the coming weeks. Now is the time to strike for cyber criminals, that much is evident.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.