Malware, Ransomware

UIWIX ransomware is not a WannaCry wannabe


The success the Wanacrypt0r/WannaCry actors have had leveraging MS17-010, or EnternalBlue, has caused others to jump on the bandwagon, but just because the same vulnerability is being utilized does not mean the same malware is involved.

Trend Micro researchers are taking a stand against the published reports stating UIWIX ransomware is the new WannaCry when, in fact, the only thing it has in common with Wanacrypt0r is its threat vector.

“So how is UIWIX different? It appears to be fileless: UIWIX is executed in memory after exploiting EternalBlue. Fileless infections don't entail writing actual files/components to the computer's disks, which greatly reduces its footprint and in turn makes detection trickier,” Trend Micro researchers wrote.

Another differentiating factor is UIWIX is stealthier and will terminate itself if it detects a sandbox or virtual machine, something beyond Wannacry's capabilities. An extra power UIXWIX does have is the ability to gather the infected system's browser login, File Transfer Protocol (FTP), email, and messenger credentials.

On the flip side UIWIX does not have a kill switch so there is no way the malicious actor could stop it if it spreads uncontrollably. 

Source: Trend Micro

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.