Researchers: Ransomware touted as more dangerous version of WannaCry isn't

Researchers at IT security company Trend Micro say warnings that the Uiwix ransomware could be a more dangerous version of WannaCry might be inaccurate, according to a new report.

Uiwix is, in many ways, a better-written version of WannaCry. It uses the same vulnerability in Windows, known as EternalBlue, but lacks the "killswitch" coding error that allowed an anonymous researcher to slow the malware's spread. On Sunday, Danish firm Heimdal Security announced: "Uiwix Ransomware Is Here And It Can Be Worse Than WannaCry." 

But Uiwix is different in a critical way that limits the amount of damage it can do, Trend Micro reports. While WannaCry is a worm — a self-replicating program that finds and infects new computers without human involvement — Uiwix is not. WannaCry infects computers with exponentially growing speed, while Uiwix is more staid. 

"We aren't seeing this spread with nearly the same rate as WannaCry," said Mark Nunnikhoven, vice president of cloud research for Trend Micro. 

The report also notes that Uiwix does a better job of limiting researchers' ability to investigate it, detecting sandboxes, the safe environments used for opening suspicious programs. It also blocks computers in Russia, Kazakhstan and Belarus from installing the software, which Nunnikhoven said usually means it wants to prevent researchers, governments or rival ransomware operations from analyzing the software in those regions.

Unlike WannaCry, Uiwix is fileless, meaning it doesn't place any files on an infected computer. Fileless malware is harder to detect. 

Though WannaCry spread quickly, impacting hospitals, large companies and government computers around the world, coding flaws appear to have hampered its success. WannaCry has extorted only around $80,000 total. That is a far cry from other ransomware varieties. In 2015, CryptoWall raked in nearly $1 million a day.

"In some ways, it's a good thing that WannaCry came first, in that it wasn't as well written," said Nunnikhoven. 

"It could have been much worse. People are now aware of EternalBlue and patching it. Uiwix as a worm could have done more damage. WannaCry burned the vulnerability for anyone else who wanted to use it."