Researchers warn over new Uiwix strain.
Miscreants have launched a ransomware worm variant that abuses the same vulnerability as the infamous WannaCrypt malware.
Danish firm Heimdal Security warned on Sunday that the new Uiwix strain doesn’t include a kill-switch domain, like the one that proved instrumental in minimising the harm caused by WannaCrypt last week, although this is subject to some dispute.
“As far as I know there’s only been two variants (one this morn) and none without [a kill]switch,” security researcher Dave Kennedy told El Reg. Other researchers, including Kevin Beaumont, are also telling us they haven’t yet seen a variant of WannaCrypt without a kill switch.
What isn’t in question is that follow-up attacks based on something similar to WannaCrypt are likely and that systems therefore really need protecting. Black hats might well create a worm that attacks the same Windows vulnerability more stealthily to install a backdoor on the many vulnerable systems still out there, for example.
The WannaCrypt ransomware spread to devastating effect last week using worm -like capabilities that relied on a recently patched vulnerability in Microsoft’s SMB file-sharing services (MS17-010). WannaCrypt used a purloined EternalBlue exploit originally developed by the US National Security Agency before it was leaked by the Shadow Brokers last month.