Bitcoin Ransomware Education – Uiwix

People who assumed WannaCry was the last ransomware to take advantage of NSA exploits are unfortunately sorely mistaken. A new type of ransomware is already making the rounds and infecting computers all over the world. Uiwix is a very real threat and should be considered as such. Interestingly enough, this ransomware also makes use of the EternalBlue SMB exploit.

Uiwix Ransomware Herald The Next Wave Of Global Attacks

It is anything but surprising to learn new ransomware types are making sue of the leaked NSA tools. Uiwix is no different in this regard, as it uses the exact same vulnerability exploited by the WananCry ransomware. Any victim of the WannaCry attack may want to take the necessary security precautions to avoid getting infected with Uiwix.

What this new type of ransomware does is encrypt computer files and appends its own unique file extension. Victims will also see a ransom note appear on their computer. Several victims have already reported this ransomware to ID-Ransomware in the hopes of getting files decrypted free of charge. So far, that is virtually impossible, as there do not appear to be any samples of this ransomware available to security researchers. It is possible they may need to set up a honeypot server to change that situation.

However, it looks like that situation may come to change very soon. An unrelated ransomware distribution campaign is effectively pushing the EternalBlue SMB exploit into the spotlight. In fact, it is possible the

Related Post
WannaCry attacks may be ultimately responsible for thwarting future attempts at trying to use the exact same exploit. That is, assuming security researchers can come up with a proper solution to fight SMB exploits and decrypt the ransomware in the end.

As most people should be aware of by now, the EternalBlue SMB exploit gives assailants access to vulnerable computers. Even though Microsoft has patched the SMB vulnerability in March of 2017, a lot of computers remain vulnerable to it. This is mainly due to system administrators not performing regular Windows updates, otherwise, the damage done by this exploit would have been a lot smaller. Moreover, some older versions of Windows are no longer supported and will not receive this patch.

Uiwix is distributed in the same manner as WannaCry, which is not surprising by any means. However, the Uiwix developers are apparently scanning for vulnerable computers and using a script to infect these machines. It also appears this ransomware is not written to disk, which is a rather shocking turn of events in the world of ransomware. Having malicious software reside in and operate out of the computer’s memory directly is very troublesome, to say the least.

For the time being, not much is known about Uiwix, other than there not being a free decryption option available right now. Victims are forced to make a Bitcoin payment of $200 if they want to have their files decrypted. No one would be surprised if a few dozen new types of ransomware come to market using the same EternalBlue exploit in the coming weeks. Now is the time to strike for cyber criminals, that much is evident.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

Best Crypto Presale To Buy Now: Rollblock Delivers For Holders With New License, Record Sign Ups and 7000+ Games

Rollblock is quickly becoming the best crypto presale to buy, delivering unmatched value for its…

2 hours ago

Polkadot And Uniswap Gearing For Post-Christmas Jump As Rollblock Raises $7.4 Million in Presale

While Rollblock's continues its crypto presale, with its value increasing regularly, Polkadot (DOT) and Uniswap…

3 hours ago

IntelMarkets (INTL) Receives Massive Demand From Chainlink And SUI Investors Looking To Position For The Best Bull Run Gains

As the cryptocurrency market gears up for a bull run, IntelMarkets (INTL) is attracting significant…

3 hours ago

FOMO Selling Trigger $1 Billion Liquidations as LINK & SOL Bleed Heavily; What to Do Next?

In the past, Chainlink (LINK) and Solana (SOL) have been among the most discussed altcoins…

9 hours ago

Qubetics $7.4M Presale Revolutionises Blockchain as Bitcoin and Chainlink Drive Innovation: Best Cryptos to Buy for 2025

The crypto market is abuzz with excitement as 2025 approaches. While Bitcoin continues to dominate…

14 hours ago

Best Altcoins to Buy Today: Why Qubetics’ Presale Could Be the Best Investment Opportunity of 2024

The cryptocurrency market never sleeps, and every day feels like an adventure. From household names…

20 hours ago