back to article Ransomware fear-flinger Uiwix fails to light

A ransomware variant, dubbed Uiwix, that abuses the same vulnerability as WannaCrypt has turned out to be something of a damp squib. Uiwix omits the kill switch domain that was instrumental in shutting down the spread of WannaCrypt while retaining its self-replicating abilities, Danish security firm Heimdal Security warned on …

  1. Pascal Monett Silver badge

    Just one question . . . well, a few questions

    How do you "run an exploit manually" ? Does that mean remote command of an infected computer ? How do you do that without getting traced ?

    In any case, it seems that the Uiwix crew let the creature out of the barn a bit too soon. Yet, it's hopefully already too late because, if it uses the same attack vectors as WannaCrypt, well those are getting patched up right now, so it would've been a damp squib anyway. Right ?

    1. quxinot

      Re: Just one question . . . well, a few questions

      Sounds like one of my ex's.

      Nothing to see here....

    2. CrazyOldCatMan Silver badge

      Re: Just one question . . . well, a few questions

      How do you "run an exploit manually"

      Either do the port-scanning yourself an then try to run the exploit against any exposed port 445 that you see or write a script that does it.

      The difference is that the wc version had that capability built-in so the cracker only needed to get one vulnerable host per network for it to spread. Since this latest version doesn't appear to have the code to do that scanning & exploiting itself, then the cracker needs to wait until they have an infection before (presumably) using the tor control channel to manually scan and infect vulnerable machines.

      Which means a much-much lower rate of spread, since each infection has to be done manually.

      And I find your faith in the likelihood of patches being applied quite.. touching.

  2. southpacificpom

    Must get my eyes checked. I thought the headline said something about unix ransomware...

  3. Jared25

    My computer has been infected with UIWIX ransomware. Where can i send the infected files so someone could take a look at them??

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like