New FairWare ransomware targets Linux web servers, holds web folder hostage

Ransomware is almost always associated with Windows computers, because of Windows' undeniable dominance in the computing industry. There have been attempts to create such malware for Apple, but one was foiled before it became widespread. Now a new ransomware variant has been developed for Linux.

A new strain called FairWare is threatening Linux users: the attackers hack a Linux server, delete the web folder, and then demand two bitcoins (approximately $1,153 today) from the victims in order to get their files back.

The malware was initially discovered by forum members at Bleeping Computer, after they found that their websites were down. Upon logging in to their respective Linux servers, victims were surprised to see that their website folder contained only a file named "READ_ME.txt." The file instructs victims to open a Pastebin link to learn more about what has happened. The message partly reads:

YOUR SERVER HAS BEEN INFECTED BY FAIRWARE | YOUR SERVER HAS BEEN INFECTED BY FAIRWARE

Hi,

Your server has been infected by a ransomware variant called FAIRWARE. You must send 2 BTC to: 1DggzWksE2Y6DUX5GcNvHHCCDUGPde8WNL within 2 weeks from now to retrieve your files and prevent them from being leaked!

We are the only ones in the world that can provide your files for you! When your server was hacked, the files were encrypted and sent to a server we control!

You can e-mail fairware@sigaint.org for support, but please no stupid questions or time wasting! Only e-mail if you are prepared to pay or have sent payment! Questions such as: "can i see files first?" will be ignored. We are business people and treat customers well if you follow what we ask.

Victims are given two weeks to pay up before their files are leaked. To further convince victims to pay, the note includes a link to a legitimate news article in which the FBI advised ransomware victims to just pay up instead of looking for another way to decrypt their files.

As Lawrence Abrams of Bleeping Computer puts it, unlike usual ransomware, FairWare does not seem to encrypt files, and if the attackers do retain them, they are likely to upload them to a server under their control.

Moreover, there is no way to verify whether files have really been taken hostage, as the ransom note states that such inquiries will be ignored. This could also imply that the files have been permanently deleted, just as the Ranscam ransomware does even while demanding money. It is still not known how the malware is supposedly acquired, or how widespread the infection is.

For now, we advise our readers to be careful with their internet activity, as these kinds of malware could come out of nowhere. Cybercriminals are also silently waiting in the wings to do their dirty work on innocent victims all over the world.
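The symptom victims reported, a web folder that contains nothing but "READ_ME.txt", is easy to monitor for. The script below is an added example, not code from Bleeping Computer or from the article: it classifies each web root passed on the command line and collects any links found in the note for the incident record. The state names and the example path in the comments are assumptions.

```python
import re
import sys
from pathlib import Path

NOTE_NAME = "READ_ME.txt"  # note file name reported in the article
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
MAX_NOTE_CHARS = 64 * 1024  # never slurp an arbitrarily large file


def triage_web_root(root):
    """Return {'root', 'state', 'links'} for one web root directory."""
    root = Path(root)
    if not root.is_dir():
        return {"root": str(root), "state": "missing", "links": []}
    entries = sorted(p.name for p in root.iterdir())
    links = []
    note = root / NOTE_NAME
    if note.is_file() and not note.is_symlink():
        with note.open("r", errors="replace") as fh:
            text = fh.read(MAX_NOTE_CHARS)
        # Record links for the incident file; do not fetch them from the server.
        links = sorted({u.rstrip(".,;)") for u in URL_RE.findall(text)})
    if entries == [NOTE_NAME]:
        state = "wiped-with-note"   # the symptom victims described
    elif not entries:
        state = "empty"
    elif NOTE_NAME in entries:
        state = "note-present"      # may be a legitimate file; review by hand
    else:
        state = "ok"
    return {"root": str(root), "state": state, "links": links}


def main(argv):
    # Web roots are passed as arguments, e.g. /var/www/html (assumed path).
    results = [triage_web_root(p) for p in argv[1:]]
    for r in results:
        print(f"{r['state']:16} {r['root']} {' '.join(r['links'])}")
    # Non-zero exit lets cron or a monitoring agent raise an alert.
    alerting = ("wiped-with-note", "missing", "empty")
    return 1 if any(r["state"] in alerting for r in results) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run from cron or a monitoring agent, the non-zero exit status flags a wiped, emptied or missing web root as soon as it appears rather than when visitors notice the site is down.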

Source: Bleeping Computer (1) (2) | Blue padlock image via Shutterstock
