What is in the news?
Chinese authorities warned computer users of the risk of a new cyber attack by a “UIWIX” virus, similar to the WannaCry ransomware that has affected over 150 countries since it was detected last week, causing widespread panic.
Both viruses use security holes in the Microsoft Windows operating systems to rename files and encrypt them, keeping users from accessing the computer or files unless they pay a ransom.
UIWIX is a ransomware?
UIWIX is ransomware that secretly enters your system and hijacks or encrypts various files and folders, which results in your important data being stolen and leaked.
The WannaCry ransomware attack?
The WannaCry ransomware attack is an ongoing worldwide cyberattack by the WannaCry ransomware cryptoworm which targets computers running the Microsoft Windows operating system, encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.
The attack started on Friday, 12 May 2017, and has been described as unprecedented in scale, infecting more than 230,000 computers in over 150 countries.
The worst-hit countries are reported to be Russia, Ukraine, India and Taiwan, but parts of Britain’s National Health Service (NHS), Spain’s Telefónica, FedEx, Deutsche Bahn, and LATAM Airlines were also hit, along with many other countries and companies worldwide.
WannaCry spreads across local networks and the Internet to systems that have not been updated with the most recent security updates, to directly infect any exposed systems.
To do so, it uses the EternalBlue exploit developed by the U.S. National Security Agency (NSA), which was released by The Shadow Brokers two months before.
A “critical” patch had been issued by Microsoft on 14 March 2017 to remove the underlying vulnerability for supported systems, nearly two months before the attack, but many organizations had not yet applied it.
Those still running exposed older, unsupported operating systems, such as Windows XP and Windows Server 2003, were initially at particular risk, but Microsoft has now taken the unusual step of releasing updates for these operating systems for all customers.
Shortly after the attack began, a web security researcher who blogs as “MalwareTech” unknowingly flipped an effective kill switch by registering a domain name he found in the code of the ransomware. This slowed the spread of infection, but new versions have now been detected that lack the kill switch.