Fairware Ransomware Attacks Linux Servers - How to, Technology and PC Security Forum | SensorsTechForum.com

Fairware Ransomware Attacks Linux Servers

source-penguins-of-magadascar-server-fairware-sensorstechforumA new ransomware virus has been reported to cause damage to web servers based on Linus. This virus, dubbed Fairware, does not use a direct encryption approach. Unlike other ransomware for web servers, the malware directly eliminates the web folder of the compromised server. Malware researchers believe that this threat is still at large, and it may make copies of the web folder on the C&C (Command and Control) servers of the people behind it.

The Fairware virus demands it’s victim to pay the sum of 2 BTC (Approximately 1200 US dollars).

Fairware Ransomware – More Information

According to victims’ reports, the deletion of the web folder resulted in their websites being down. Not only this but also a ransom note was left in the root folder of their Linux OS’s. The ransom note left behind does not directly notify users. Instead it has a URL web link that leads to it, along with a brief request to open it.

The file is named READ_ME.txt and it’s requesting is the following:

→“Hi, please view here: http://pastebin.com/raw/jtSjmJzS for information on how to obtain your files!”

This URL has been checked, and it does not contain any viruses. However it has the following payment instructions to convert money into the crypto currency BitCoin and pay the 2 BTC ransom payoff requested by the crooks.

The instructions set by Fairware ransomware are the following:

→”YOUR SERVER HAS BEEN INFECTED BY FAIRWARE | YOUR SERVER HAS BEEN INFECTED BY FAIRWARE
Hi,
Your server has been infected by a ransomware variant called FAIRWARE.
You must send 2 BTC to: 1DggzWksE2Y6DUX5GcNvHHCCDUGPde8WNL within two weeks from now to retrieve your files and prevent them from being leaked!
We are the only ones in the world that can provide your files for you!
When your server was hacked, the files were encrypted and sent to a server we control!
You can e-mail [email protected] for support, but please no stupid questions or time wasting! Only e-mail if you are prepared to pay or have sent payment! Questions such as:
“can I see files first?” will be ignored.
We are business people and treat customers well if you follow what we ask.
FBI ADVISE FOR YOU TO PAY: https://www.tripwire.com/state-of-security/latest-security-news/ransomware-victims-should-just-pay-the-ransom-says-the-fbi/
HOW TO PAY:
You can purchase BITCOINS from many exchanges such as:
http://okcoin.com
http://coinbase.com
http://localbitcoins.com
http://kraken.com
When you have sent payment, please send e-mail to [email protected] with:
1) SERVER IP ADDRESS
2) BTC TRANSACTION ID
and we will then give you access to files; you can delete files from us when done
Goodbye!”

Obviously, from the ransom instructions above it is clear that the cyber-criminals’ one and only aim is to induce fear into the victims of the virus to pay the ransom. They even use the FBI as a pretext, claiming even the law advises paying the ransom. And if this is not convincing enough, users are also told that the files of their website will be publicly exposed which equals to a direct threat.

Fairware Virus – What Should I Do?

The virus gives two weeks deadline for payment. However, malware researchers strongly advise against paying any ransom money to cyber-criminals for several obvious reasons:

  • The virus may have already permanently deleted your website folder.
  • You pay money to support criminal activity.

Instead, website administrators are advised to clean their web server from this virus and seek any backups to recover their files.

At the moment, there does not seem to be a viable solution for this virus, but malware researchers and the law is working on catching the people responsible and hence releasing more information. We plan to keep updating this article with new information about the Fairware ransomware threat.

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website

3 Comments

  1. morgan cox

    is based on Linus?

    Reply
    1. Vencislav Krustev

      yes and it may attack apache servers as well

      Reply
    2. Vencislav Krustev

      Hello Morgan,

      The virus is genuinely created for Linux computers, but I am not sure what it’s source code is based on. It may primarily attack Linux PCs that have been configured to run as servers.

      Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.