
UIWIX Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Ranking: 14,647
Threat Level: 80 % (High)
Infected Computers: 248
First Seen: May 11, 2017
Last Seen: September 20, 2023
OS(es) Affected: Windows

The UIWIX Ransomware is a Trojan that extorts victims by encrypting their files and then demanding a ransom in exchange for the decryption key. Its preferred targets are poorly protected networks, servers, and online shops built on certain e-commerce platforms. The UIWIX Ransomware may be delivered by exploiting software vulnerabilities, poorly protected computers, and exposed remote desktop connections. It uses a strong encryption algorithm to make the victim's data inaccessible and then demands payment by dropping a text file named '_DECODE_FILES.txt' containing instructions on how to proceed. The UIWIX Ransomware has been observed infecting computers running Windows Server 2008 with unpatched, exploitable vulnerabilities. PC security researchers are currently studying the UIWIX Ransomware's infection process and threat campaign to help protect computer users from this attack.

How the UIWIX Ransomware may Generate Profit for Its Developers

The UIWIX Ransomware does not seem to belong to a larger family of ransomware Trojans and looks more like a threat that was created independently. However, it behaves in a way similar to many established ransomware Trojans. The UIWIX Ransomware attack has three stages:

  1. The UIWIX Ransomware scans the infected computer and builds an index file containing the locations and names of all the files it will encrypt. It targets user-generated files with certain file extensions.
  2. The UIWIX Ransomware encrypts the indexed files with AES-256 to make them inaccessible. It connects to its Command and Control server and stores the decryption key remotely, out of reach of the victim and the victim's security software.
  3. Once the files have been encrypted, the UIWIX Ransomware notifies the victim of the attack. At the time of writing, it demands a payment of 0.12261 Bitcoin (approximately $230 USD at the exchange rate at the time). The demand is delivered in a ransom note contained in a text file dropped on the infected computer.

Files encrypted by the UIWIX Ransomware are easy to identify because the extension '._[10 RANDOM DIGITS].UIWIX' is appended to each affected file's name. The UIWIX Ransomware places its ransom note in a text file named '_DECODE_FILES.txt' containing the following message:
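The two filesystem indicators above, the appended extension and the ransom note filename, are enough to triage a suspected infection and to recover the original filenames and the victim code. The following Python is an added example written for this page, not code from the original article or from the malware: it classifies a constructed list of Windows paths, extracts the original name and the 10-digit code from the appended extension, and rejects lookalike names that do not match the exact pattern. The sample paths, the `Finding` record and the function names are assumptions for illustration.

```python
import ntpath
import os
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Extension the page reports: '._[10 RANDOM DIGITS].UIWIX' appended to the
# original filename, e.g. 'report.docx._4829103756.UIWIX'. Anchored so that a
# file merely ending in '.uiwix' or carrying fewer than ten digits does not match.
UIWIX_NAME_RE = re.compile(r"^(?P<original>.+)\._(?P<code>\d{10})\.UIWIX$", re.IGNORECASE)

# Ransom note filename the page reports.
RANSOM_NOTE_NAME = "_DECODE_FILES.txt"


@dataclass(frozen=True)
class Finding:
    """One indicator hit (hypothetical record type for this example)."""
    path: str
    kind: str                          # "encrypted_file" or "ransom_note"
    original_name: Optional[str] = None
    victim_code: Optional[str] = None


def classify_path(path: str) -> Optional[Finding]:
    """Classify a single path. ntpath splits on both '\\' and '/', so Windows
    paths are handled correctly even when this runs on a non-Windows host."""
    name = ntpath.basename(path)
    if name.lower() == RANSOM_NOTE_NAME.lower():
        return Finding(path=path, kind="ransom_note")
    m = UIWIX_NAME_RE.match(name)
    if m is None:
        return None
    return Finding(path=path, kind="encrypted_file",
                   original_name=m.group("original"), victim_code=m.group("code"))


def triage(paths: Iterable[str]) -> List[Finding]:
    """Return every indicator hit in the given paths, in input order."""
    return [f for f in map(classify_path, paths) if f is not None]


def walk_and_triage(root: str) -> List[Finding]:
    """Same as triage(), but over a live directory tree."""
    hits: List[Finding] = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for fn in filenames:
            f = classify_path(os.path.join(dirpath, fn))
            if f is not None:
                hits.append(f)
    return hits


def summarize(findings: Iterable[Finding]) -> Dict[str, object]:
    """Counts per indicator kind plus the distinct victim codes seen; more than
    one code in a single tree suggests more than one infection run."""
    findings = list(findings)
    return {
        "counts": dict(Counter(f.kind for f in findings)),
        "victim_codes": sorted({f.victim_code for f in findings if f.victim_code}),
    }


# Constructed sample paths for a stand-alone run; not real infection data.
SAMPLE_PATHS = [
    r"D:\shares\finance\Q1.xlsx._4829103756.UIWIX",
    r"D:\shares\finance\_DECODE_FILES.txt",
    r"D:\shares\finance\notes.txt",                  # untouched file
    r"D:\shares\hr\photo.jpg._4829103756.UIWIX",
    r"D:\shares\hr\archive.uiwix",                   # lookalike: no '._<10 digits>'
    r"D:\shares\hr\x._123.UIWIX",                    # lookalike: too few digits
]

if __name__ == "__main__":
    hits = triage(SAMPLE_PATHS)
    for h in hits:
        print(h.kind, h.path, h.original_name or "", h.victim_code or "")
    print(summarize(hits))
```

Against a live system, call `walk_and_triage(r"D:\shares")` from a clean host with the affected volume mounted read-only. The pattern is anchored on exactly ten digits followed by `.UIWIX`, so renaming a file to strip the extension only recovers its name, not its contents; the data remains AES-256 encrypted with a key the malware kept off the host.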

'>>> ALL YOUR PERSONAL FILES ARE DECODED <<<
Your personal code: [10 RANDOM DIGITS]
To decrypt your files, you need to buy special software.
Do not attempt to decode or modify files, it may be broken.
To restore data, follow the instructions!
You can learn more at this site:
h[tt]ps://4ujngbdqqm6t2c53[.]onion.to
h[tt]ps://4ujngbdqqm6t2c53[.]onion.cab
h[tt]ps://4ujngbdqqm6t2c53[.]onion.nu
If a resource is unavailable for a long time to install and use the tor browser.
After you start the Tor browser you need to open this link
h[tt]p://4ujngbdqqm6t2c53[.]onion'

When victims follow the instructions in the UIWIX Ransomware ransom note, they are greeted with the following payment instructions:

'To get the program to decrypt files You need to pay: 0.12261 BTC (~200$)
How to pay?
B bitcoin
1. You should click Here to find out how to sign up for a Bitcoin wallet.
2. Buying Bitcoin is getting simpler every day, See the below for ways to buy Bitcoin:
• coincafe.com - Recommended for fast, simple service.
Payment methods: Western Union, Bank of America, Cash by FedEx, Moneygram, Money Order
• btcdirect.eu - The best place for Europe
• other - Or any other convenient for you service
3. Send 0.12261 BTC to Bitcoin address: 17cykEkQpskcvCoPjP3C6PzCeWPRmnjHi2
4. Ensure your payment information and then Click 'Check Payment'
[Check Payment]'

Dealing with the UIWIX Ransomware

Unfortunately, it may not be possible to recover data encrypted in a UIWIX Ransomware attack. This is why computer users should keep good, regularly tested backups of their data, stored offline or otherwise out of reach of the systems they protect: these attacks are becoming increasingly common and account for a large share of threat infections today. Server and website administrators are advised to keep their systems well protected against intrusion with strong security software, strong and unique passwords, and the latest security updates and patches.
