Ransomware Research
UIWIX Ransomware
UIWIX is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on May 1, 2017, this ransomware has been actively targeting systems worldwide.
Quick Facts
- Ransomware Family
- UIWIX
- First Seen
- May 1, 2017
How UIWIX Ransomware Works
Targeted Files
Full extension -> ._[10_digit_victim_id].UIWIX https://www.bleepingcomputer.com/forums/t/646253/uiwix-ransomware-help-support-topic-uiwix-decode-filestxt/ Requires C&C in TOR
File Encryption Patterns
UIWIX modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
..UIWIX
Ransom Note and Payment Demands
After encrypting files, UIWIX displays ransom notes demanding payment for file recovery:
_DECODE_FILES.txt
Ransom message:
notes/_DECODE_FILES.txt
Technical Indicators
Associated Executable Files
The following executable files are associated with UIWIX ransomware:
UIWIX.exe
Trojan.Ransom.UIWIX.exe
410.json
UIWIX.bin
sample (36).bin%vir
146581f0b3fbe00026ee3ebe68797b0e57f39d1d8aecc99fdc3290e9cfadc4fc.vir.DNvir
UIWIX.exe.bin
146581f0b3fbe00026ee3ebe68797b0e57f39d1d8aecc99fdc3290e9cfadc4fc.146581f0b3fbe00026ee3ebe68797b0e57f39d1d8aecc99fdc3290e9cfadc4fc
UIWIX-01.DLL
aa
Z2vrcbvT2.tar.bz2
Elastio Can Help You
Don't let UIWIX ransomware take over your data
Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.
About This Analysis
This UIWIX ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like UIWIX.
Last updated: July 30, 2025