The original WannaCry ransomware may have been shut down, but the cyberattack pandemic is far from over. While experts have stated that new variants of WannaCry have been seen in the wild, another similar malware named Uiwix is lurking around and it may be far more lethal than WannaCry.
In its latest report, Heimdal Security says Uiwix exploits the same vulnerabilities in Windows SMB v1 and SMB v2 that WannaCry did. What makes it more dangerous is that this strain does not include a kill switch domain at all, as WannaCry did.
How does it work?
Uiwix works like most ransomware variants: hackers hijack a user's system and prevent access to it until the user pays the demanded amount in bitcoins.
"ALL YOUR PERSONAL FILES ARE DECODED," appears on the screen, followed by a claim that you can get them back but will need to buy special software. It warns not to try to use a decryptor, or else the files may break.
It then provides a set of instructions that ultimately leads to a Tor browser, where users are given a link to open. The link directs the user to a payment gateway asking for a payment of 0.11943 bitcoin, corresponding to about $218 (£168).
How to stop it?
Like WannaCry, there is no decryptor, and an attack cannot be stopped once it starts. The only way to stay safe is to take preventive measures and update your Windows systems. To do that, read our safety advisory here.
It's not just Uiwix, though. The newer variants of WannaCry are also out, but no concrete study of any affected systems has been made so far. Experts have warned that hackers could next exploit vulnerabilities in mobile platforms like Android and iOS to spread more cyber carnage.