
UIWIX Ransomware

Posted: May 11, 2017

Threat Metric

Ranking: 14,984
Threat Level: 8/10
Infected PCs: 581
First Seen: May 11, 2017
Last Seen: September 20, 2023
OS(es) Affected: Windows

The UIWIX Ransomware is a Trojan that tries to block access to your files by encoding them with a potentially unbreakable cipher, which it then uses as leverage for its ransom demands. However, the administrators of file-encrypting Trojan campaigns don't always deliver the decryption service that victims pay for, and malware experts advise backing up your files to protect your media. Various anti-malware products may also delete the UIWIX Ransomware when it tries to introduce itself to your system.

A Ransom with a Foundation in Web Design

One can determine something of the experience and professionalism of a set of threat actors from the supporting elements of their attack campaigns. For file-encrypting Trojans in particular, the way they demand a ransom often is key to identifying the threat and, ideally, even repairing damaged files. The inclusion of a custom website is a factor malware experts have been seeing more regularly in recent months, as evidenced by the newly-identified UIWIX Ransomware.

While other sources report that the UIWIX Ransomware uses AES to attack its victims' files, malware analysts have yet to verify this or to determine whether the Trojan is related to any preexisting families. It does launch encryption attacks capable of blocking files of certain formats or in certain locations, such as text documents or the contents of the desktop. No symptoms of the attack are visible until afterward, when the UIWIX Ransomware drops its ransom message.

The UIWIX Ransomware delivers its ransom demands in a Notepad text file, which contains limited information in English beyond the user's custom ID and several links to its TOR-anonymized website. The site provides a login form with details on transferring 200 USD in Bitcoins to the threat actor's wallet. Theoretically, once the payment processes, the victim can click another button in the panel to decrypt their files. Malware experts also note that both the cash amount and the Bitcoin wallet address appear to be adjustable, one of several indicators that the UIWIX Ransomware could be part of a RaaS (Ransomware-as-a-Service) campaign.
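The ransom-note traits described in this article (a plain-text note in English, a per-victim ID, links to a TOR site and a Bitcoin demand) are the kind of thing a defender can look for on a file server after a suspected infection, since the note is often the first visible symptom. The script below is an added example written for this page, not code from the original article or from the UIWIX authors; it scores text files on those traits and flags likely ransom notes. The scoring weights, the threshold of 3, the regular expressions and all sample notes are constructed for illustration and are not UIWIX indicators.

```python
"""Heuristic ransom-note detector (added example; constructed, not the article's code).

Scores *.txt files on the traits a ransom note like the one described for UIWIX
tends to show: a Tor (.onion) link, a Bitcoin address, a per-victim ID and
extortion vocabulary. Nothing here is a real UIWIX indicator.
"""
import re
import tempfile
from dataclasses import dataclass, field
from pathlib import Path
from typing import Dict, List

# Tor v2/v3 onion hostnames (base32 alphabet, 16 or 56 chars).
ONION_RE = re.compile(r"\b[a-z2-7]{16,56}\.onion\b", re.IGNORECASE)
# Legacy base58 and bech32 Bitcoin addresses (simple shape check only).
BTC_ADDR_RE = re.compile(
    r"\b(?:bc1[ac-hj-np-z02-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b"
)
# "Personal ID: XXXX" style per-victim identifiers.
VICTIM_ID_RE = re.compile(
    r"\b(?:personal|your|user|client)\s*id\b\s*[:=]?\s*([A-Za-z0-9\-]{6,})",
    re.IGNORECASE,
)
# Extortion vocabulary, matched as whole words (case-insensitive).
KEYWORDS = ("decrypt", "encrypted", "bitcoin", "btc", "tor browser", "ransom", "payment")
FLAG_THRESHOLD = 3  # constructed threshold; tune on your own data


@dataclass
class NoteVerdict:
    score: int
    reasons: List[str] = field(default_factory=list)

    def is_ransom_note(self) -> bool:
        return self.score >= FLAG_THRESHOLD


def score_note(text: str) -> NoteVerdict:
    """Return a verdict for one text body; higher score = more note-like."""
    verdict = NoteVerdict(score=0)
    low = text.lower()
    if ONION_RE.search(text):
        verdict.score += 2
        verdict.reasons.append("tor .onion link")
    if BTC_ADDR_RE.search(text):
        verdict.score += 1
        verdict.reasons.append("bitcoin address")
    if VICTIM_ID_RE.search(text):
        verdict.score += 1
        verdict.reasons.append("per-victim id")
    hits = [k for k in KEYWORDS if re.search(r"\b" + re.escape(k) + r"\b", low)]
    if len(hits) >= 4:
        verdict.score += 2
    elif len(hits) >= 2:
        verdict.score += 1
    if hits:
        verdict.reasons.append("keywords: " + ", ".join(hits))
    return verdict


def scan_directory(root: Path, max_bytes: int = 64 * 1024) -> Dict[str, NoteVerdict]:
    """Walk `root` for *.txt files and return {path: verdict} for flagged ones."""
    flagged: Dict[str, NoteVerdict] = {}
    for path in root.rglob("*.txt"):
        try:
            text = path.read_text(encoding="utf-8", errors="ignore")[:max_bytes]
        except OSError:
            continue  # unreadable file: skip rather than abort the sweep
        verdict = score_note(text)
        if verdict.is_ransom_note():
            flagged[str(path)] = verdict
    return flagged


# Constructed sample files: one note-like text, two benign ones.
SAMPLE_NOTES = {
    "ransom_note.txt": (
        "All of your files have been encrypted.\n"
        "Personal ID: AB12CD34EF\n"
        "To decrypt them, install Tor Browser and open "
        "http://examplenoteabcdefg.onion/login\n"
        "Log in with your ID and pay 200 USD in Bitcoin to the wallet shown there.\n"
    ),
    "readme.txt": "Thanks for downloading the toolkit. Run setup.exe and read docs/INSTALL.txt.\n",
    "crypto_tutorial.txt": (
        "This guide explains how files are encrypted with AES and how to decrypt "
        "them with the right key.\n"
    ),
}


def demo_scan() -> List[str]:
    """Write the constructed samples to a temp dir, scan it, return flagged names."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, body in SAMPLE_NOTES.items():
            (root / name).write_text(body, encoding="utf-8")
        flagged = scan_directory(root)
        return sorted(Path(p).name for p in flagged)


if __name__ == "__main__":
    for name, body in SAMPLE_NOTES.items():
        v = score_note(body)
        print(f"{name}: score={v.score} flagged={v.is_ransom_note()} {v.reasons}")
    print("flagged files:", demo_scan())
```

Only the constructed ransom note crosses the threshold; the cryptography tutorial, which shares two keywords with it, does not, which is why the scoring combines several weak signals rather than matching any single word. Run it against a quarantined copy of a suspect share rather than the live system, and treat a hit as a trigger for isolating the host and restoring from backups, not as proof of which family is involved.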

Keeping Your Files Anonymous from Hiding Extortionists

It's no accident that the UIWIX Ransomware uses both Bitcoins and the modern descendant of the Onion Router (TOR) for processing any ransoms it might provoke; fraudsters using such measures can shield their identities and infrastructure from many forms of regulatory backlash or penalization. A victim who pays has no guarantee: the UIWIX Ransomware could take their money and never provide a decryptor. The most direct way to keep file-encrypting Trojans of all types from damaging your data is to back up copies of your media to another drive or server.

Although the Trojan shows every appearance of being fully operational, malware experts can't corroborate any attacks using the UIWIX Ransomware in a live environment. It may compromise your PC through e-mail attachments or other methods, such as the browser-based Flash update lures used by threats like the ThunderCrypt Ransomware. Web surfers should mind their browsers' security settings and use anti-malware products for removing the UIWIX Ransomware as soon as another threat tries to install it.

The simplicity and limited information of the UIWIX Ransomware's interface may reflect either laziness or an intentional strategy on the part of its threat actors. Whichever it is, you should exhaust every other recourse before paying the con artist who locked your files to give them back.
