From 7fee4f3a1bc1ea59ce2970bd7867d0dec6647c60 Mon Sep 17 00:00:00 2001
From: Deborah Servili <deborah.servili@gmail.com>
Date: Thu, 18 May 2017 13:59:47 +0200
Subject: [PATCH] add Uiwik ransomware

---
 clusters/ransomware.json | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 803f1d9d..26b0a4a8 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -1239,7 +1239,7 @@
           "IMPORTANTE_LEER.html",
           "RECUPERAR_ARCHIVOS.html",
           "https://3.bp.blogspot.com/-KE6dziEK4To/WHnvPzKOs7I/AAAAAAAADHI/KPBjmO9iChgAa12-f1VOxF49Pv27-0XfQCLcB/s1600/note.jpg"
-        ],
+        ],Yamuraiha
         "encryption": "AES",
         "extensions": [
           ".locked"
@@ -8465,6 +8465,22 @@
         ]
       }
     }
+    {
+      "value": "Uiwix Ransomware",
+      "description": "Using EternalBlue SMB Exploit To Infect Victims",
+      "meta": {
+        "extensions": [
+          "._[10_digit_victim_id].UIWIX"
+        ],
+        "encryption": "may be a mixture of AES and RC4.",
+        "ransomnotes": [
+          "_DECODE_FILES.txt"
+        ],
+        "refs": [
+          "https://www.bleepingcomputer.com/news/security/uiwix-ransomware-using-eternalblue-smb-exploit-to-infect-victims/"
+        ]
+      }
+    }
   ],
   "source": "Various",
   "uuid": "10cf658b-5d32-4c4b-bb32-61760a640372",