UIWIX Ransomware too exploiting SMB Vulnerabilities in Computer Systems

Barely, has the fear about WannaCrypt Ransomware subsided, comes the news that even before WannaCrypt, there was this UIWIX Ransomware that was also exploiting SMB Vulnerabilities.  The newly discovered malware assigns a unique machine ID to each infected computer by encrypting all of its data and renaming it with the “._.UIWIX file extension”.

UIWIX Ransomware exploits SMB Vulnerabilities


Following the infection and encryption process, the UIWIX file virus drops behind a ransom note, named as “_DECODE_FILES.txt”. The ransom-demanding message prompts the victim to transfer 0.12261 Bitcoins by entering a Tor-based website. Here’s a snapshot of it given below.

Your personal code: [% unique ID%]
To decrypt your files, you need to buy special software.
Do not try to decode or modify files, it may be broken.
To restore data, follow the instructions!
You can learn more at this site:
https://4ujngbdqqm6t2c53.onion [.] two
https://4ujngbdqqm6t2c53.onion [.] cab
https://4ujngbdqqm6t2c53.onion [.] Now

After you start the Tor browser you need to open this link http  //4ujngbdqqm6t2c53[.]onion

The modus operandi of the trojan is similar to other ransomware i.e., it encrypts the files of the victim and asks them to pay a ransom in exchange for the decryption key. The payment gateway charges 0.11943 Bitcoins which is equivalent to $218.

Even if the payment is transferred, there is no guarantee in this case as the attacker may take your money while still leaving you with all your files still encrypted.

This ransomware attack has become so extensive because it abuses various security holes in Windows SMBv1 and SMBv2, which most users have left unpatched, in spite of the critical update released by Microsoft in March 2017, says Heimdal.

The only way to mitigate this emerging threat at the moment is to patch the affected operating systems and keep the anti-virus protection ‘ON’ against it.  This is the most tried and tested method to avoid damages from Ransomware attacks.

Posted by with Tags
The author Hemant Saxena is a post-graduate in technology and has an immense interest in following Microsoft and other technology developments around the world. Quiet by nature, he is an avid Lacrosse player.