UIWIX Ransomware is another vicious ransomware that encrypts files and documents on the targeted system. Encryption means that none of your files can be run or opened until they are decrypted, so the data is unreadable. After encrypting the files, the ransomware tries to extort money from the user, stating that payment is required in exchange for the decryption key. The preferred targets for this malware are generally poorly protected networks, servers and online shopping websites. It can also take advantage of poorly protected computers, remote desktop connections, and software and other vulnerabilities. It encrypts the data stealthily and appends the extension “._[victim’s id].UIWIX” to each filename. For example, a file named “file.jpg” becomes “file.jpg._2314324583.UIWIX” after encryption.
This ransomware has been found to make its way into computers through flaws in Windows SMBv1 and SMBv2. The cipher the attackers use to encrypt the target users’ files is AES-256. Once UIWIX Ransomware has finished encrypting the files, it creates a text file named “_DECODE_FILES.txt” that contains the ransom demand. The note states that all your files have been encrypted using an encryption key, that they can be decrypted only with a decryption key, and that you need to buy that key after paying the demanded amount to the given email address. The ransom note looks like:
How Does UIWIX Ransomware Generate Profit For Its Creators?
The behavior of UIWIX Ransomware is similar to that of existing ransomware, but its processing has three stages. These are:
- It first scans the compromised system, then creates an index file that contains the names and locations of all the files that will be encrypted. The ransomware tends to target specific file extensions.
- The ransomware uses the AES-256 encryption algorithm to encrypt the victim’s files. It connects to its Command and Control server, where it stores the decryption key remotely, away from the victim’s security software.
- After successfully encrypting the user’s files, the ransomware notifies the victim about the attack. The demanded payment is around 0.12261 Bitcoin (which equals $230 USD at the current exchange rate). Because the extension ‘._[10 RANDOM DIGITS].UIWIX’ is attached to the files, the encrypted files are easily identified.
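The naming scheme and ransom note described above are enough to scope an infection from a plain file listing. The following is an added example, not code from the original page: the function names and the sample paths are constructed for illustration, and the pattern assumes the “._[10 digits].UIWIX” shape given in the text.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Naming described on this page: "<original name>._<10 digits>.UIWIX"
ENCRYPTED = re.compile(r"^(?P<original>.+)\._(?P<victim_id>\d{10})\.UIWIX$", re.I)
RANSOM_NOTE = "_decode_files.txt"  # note file name, compared case-insensitively

def triage(paths):
    """Classify a file listing into encrypted files, ransom notes and oddities."""
    result = {"encrypted": [], "notes": [], "review": [], "per_dir": Counter()}
    for raw in paths:
        p = PureWindowsPath(raw)  # parses Windows paths on any host OS
        m = ENCRYPTED.match(p.name)
        if m:
            result["encrypted"].append({
                "path": str(p),
                "victim_id": m["victim_id"],
                "original": str(p.with_name(m["original"])),  # name before encryption
            })
            result["per_dir"][str(p.parent)] += 1
        elif p.name.lower() == RANSOM_NOTE:
            result["notes"].append(str(p))
        elif p.suffix.lower() == ".uiwix":
            # Ends in .UIWIX but not in the documented shape: check by hand.
            result["review"].append(str(p))
    return result

def victim_ids(result):
    """Distinct victim IDs seen; more than one suggests separate infections."""
    return sorted({e["victim_id"] for e in result["encrypted"]})

# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\alice\Pictures\file.jpg._2314324583.UIWIX",
    r"C:\Users\alice\Pictures\_DECODE_FILES.txt",
    r"C:\Users\alice\Documents\report.docx._2314324583.UIWIX",
    r"C:\Users\alice\Documents\notes.txt",
    r"D:\share\backup.UIWIX",
]

if __name__ == "__main__":
    r = triage(SAMPLE)
    print("victim IDs:", victim_ids(r))
    for directory, count in r["per_dir"].most_common():
        print(f"{count:4d} encrypted file(s) in {directory}")
    print("ransom notes:", r["notes"])
    print("needs manual review:", r["review"])
```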
Various UIWIX Ransomware Distribution Techniques
UIWIX Ransomware distributes itself by various methods. Some of them are:
- Spam email – cyber crooks create and coordinate mass email campaigns to carry out ransomware attacks. These attempts include social engineering tricks that trigger the malware attack.
- Direct hacker attacks – another way to target a user’s computer is to launch automated vulnerability testing attacks.
- P2P networks – file sharing networks such as BitTorrent, which are popular for spreading pirated content, can lead to UIWIX Ransomware infection.
The effect can be harmful and dangerous for the compromised system. It can ruin all the functions of the computer and corrupt important data and files. Apart from this, it may cause the system to freeze or hang for a while, and applications will not respond.
Getting Rid Of UIWIX Ransomware
Get Rid Of UIWIX Ransomware From Task Manager
- Open Task Manager by pressing “Alt + Ctrl + Del” keys together.
- Then, in the Process tab, select the malicious processes that are running.
- Click on the End Task button.
Get Rid Of UIWIX Ransomware From Control Panel
- Open the Run dialog box by pressing “Win + R” keys together.
- Type ‘control panel’ in the box and hit the Enter key.
- Choose the Uninstall a Program option.
- Select the unwanted programs and click the Uninstall button.
Get Rid Of UIWIX Ransomware From Registry Entry
- Press “Win + R” keys to open the Run dialog box.
- Type ‘regedit’ in the box.
- Find the malicious entries and delete them.