Uiwix, yet another ransomware like WannaCry – only more dangerous
In the last few days, the internet has been caught off guard with numerous updates being posted regarding the sprawling effects of the WannaCry ransomware that exploited the vulnerabilities in Microsoft’s Windows operating system to hack more than 75,000 computers and counting last Friday.
Nevertheless, it seems like the worst is yet to come. In a recent report by HeimdalSecurity, another ransomware, going by the name of Uiwix, has emerged, which is exploiting the vulnerabilities found in Windows SMB v1 and SMB v2.
Is Uiwix similar to WannaCry?
Experts say that they have found traces of WannaCry in Uiwix. However, this does not mean that this ransomware is one and the same. Unfortunately, unlike WannaCry, Uiwix cannot be stopped from spreading just by registering a domain.
That is, previously, security experts were able to restrain the spread of WannaCry and its variant by registering the domain through which the ransomware was spreading. However, with Uiwix, this does not seem to be an option. Hence, it is safe to say that Uiwix is far more dangerous than WannaCry.
How does it work?
Uiwix works just like WannaCry by hijacking a user’s system altogether and preventing access to it until the user has paid the demanded amount of money. Also, the payment is demanded in bitcoins, and with the current exchange rate, the bitcoins demanded are equivalent to USD 218.
Uiwix ransomware note
How to fix the problem?
Since Uiwix cannot be stopped like WannaCry, the only way to contain the virus is to fix the vulnerability that appears to be present in Windows.
Attackers are easily able to exploit these vulnerabilities in a network if it’s enabled because, even when the system uses SMB v2 or v3, if the attacker can downgrade the communication to SMB v1, he can exploit the system. This is where the man-in-the-middle attack of a Windows SMB v1-enabled system can become an issue, even if it’s not being used, said Andra Zaharia of Heimdal Security
How did Uiwix initiate?
It is quite surprising to have two similar ransomware exploiting the same vulnerability to appear twice so quickly. The only explanation is that the vulnerabilities in Windows software have not been fixed yet.
What is more surprising though, is that the security experts had been raising the issue with regards to these vulnerabilities in the past and the relevant companies had taken no action. Perhaps, this is because fixing the vulnerability calls for the relevant companies to collaborate extensively and share the resources to remove the flaw. Up till now, such collaboration has not been seen.
Prevention is better than cure
Given that the virus cannot be stopped as of now, the only way to protect yourself is to take some preventive precautions to avoid any trouble in the future. As such, experts warn that connecting your PC to a public WiFi spot and then initiating a VPN connection can spread the virus more severely. Hence, this is to be avoided at all costs.
Also, follow the below-mentioned steps:
- Do not open an unknown email
- Do not download files from an unknown email
- Do not click files from an unknown email
- Avoid visiting malicious sites
- Do not download software and apps from a third-party store/website
- Show hidden file extensions
- Keep your system updates
- Make sure you are using a reputable security suite
- Back up your data
- Use System Restore to get back to a known-clean state
The best defense against ransomware attacks is keeping a backup of your data. Apart from that, it is advised that users keep their systems updated with the latest security fixes released by Microsoft.