Endpoint Protection

  • 1.  UIWIX Ransomware

    Posted May 19, 2017 01:53 AM

    Hi Everyone,

    Just want to ask if Symantec is already aware of this new threat, "UIWIX Ransomware".

    Please advise if SEP has a signature for this.

    Please find below a link about UIWIX Ransomware:

    http://www.hindustantimes.com/world-news/china-warns-windows-users-about-new-ransomware-like-virus-uiwix/story-QibDUENs0hs1B4TgD3RMmK.html

     

    Thanks and Regards,



  • 2.  RE: UIWIX Ransomware

    Posted May 19, 2017 07:49 AM

    I found a file hash but there are no detections yet per VirusTotal.



  • 3.  RE: UIWIX Ransomware

    Posted May 19, 2017 10:15 AM

    Additionally, it appears this may be the one you refer to. Here is Symantec's blog that was just released:

    https://www.symantec.com/connect/blogs/adylkuzz-cryptocurrency-miner-not-next-wannacry

     



  • 4.  RE: UIWIX Ransomware

    Posted May 19, 2017 10:47 AM

    Symantec is detecting this as 'Trojan Horse'

    https://www.virustotal.com/en/file/146581f0b3fbe00026ee3ebe68797b0e57f39d1d8aecc99fdc3290e9cfadc4fc/analysis/

    Probably just a generic name for now until they refine it.



  • 5.  RE: UIWIX Ransomware

    Posted May 20, 2017 12:52 AM

    Hi Brian,

    Thank you for providing the above information.

    Is Adylkuzz the same as UIWIX Ransomware?

    How about SEP IPS signatures? Are the SEP IPS signatures used for WannaCry the same signatures that protect endpoints from this new threat (UIWIX)?

     

    Regards,



  • 6.  RE: UIWIX Ransomware

    Posted May 20, 2017 08:09 AM

    Appears to be.

    No, there are two different sets of IPS sigs. Both ransomwares use the same exploit but are different.



  • 7.  RE: UIWIX Ransomware
    Best Answer

    Posted May 22, 2017 06:00 AM

    Hi NewOne19,

    Yes, this is one for which we have protection against known samples.  The threat you are asking about uses the same EternalBlue method to spread, but it is not WannaCry or Adylkuzz.

    Ransom.Uiwix
    https://www.symantec.com/security_response/writeup.jsp?docid=2017-051811-1414-99

    Please do ensure that you have all MS patches applied, in order to prevent these threats from functioning!

    Hardening Your Environment Against Ransomware
    https://www.symantec.com/connect/articles/hardening-your-environment-against-ransomware

     

     



  • 8.  RE: UIWIX Ransomware

    Posted May 22, 2017 09:02 PM

    Thank you very much gentlemen (Brian & Mick) for providing very helpful information. I appreciate all your help and consideration on this.



  • 9.  RE: UIWIX Ransomware

    Posted May 22, 2017 09:09 PM

    You're welcome.



  • 10.  RE: UIWIX Ransomware

    Posted May 23, 2017 05:38 AM

    Glad to assist! &: )

     

    Can you mark the thread solved so that it will be indexed for future people searching for the same answer?  It is still currently "Thread Needs Solution"