Skip to main content

Uiwix Ransomware

A new ransomware called Uiwix has been discovered which is spreading using the same Server Message Block (SMB) vulnerability as WannaCry ransomware (CC-1411).
Threat ID:
CC-1418
Category:
Ransomware
Threat Severity:
Medium
Threat Vector:
Insecure network
Published:
18 May 2017 12:00 AM
Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

A new ransomware called Uiwix has been discovered which is spreading using the same Server Message Block (SMB) vulnerability as WannaCry ransomware (CC-1411).

Affected platforms

The following platforms are known to be affected:

Microsoft Windows

Microsoft Windows - All Versions

Threat details

A significant difference is that Uiwix does not include a 'kill-switch' as well as not implementing the worm spreading capability that was seen in WannaCry.

As with WannaCry, it is imperative that the MS17-010 patches are applied as soon as possible.

Once the encryption process begins, it will add ‘.uiwix’ extension to the files. Similarly to WannaCry, the user will be asked make a Bitcoin payment in order to retrieve their encrypted files. At the time of publication, no payments have been made to the attacker's Bitcoin wallet.

 

Remediation steps

Type Step
For full remediation, see WannaCry ransomware (CC-1411)

Last edited: 17 February 2020 11:40 am