A new ransomware virus has been reported to cause damage to web servers based on Linus. This virus, dubbed Fairware, does not use a direct encryption approach. Unlike other ransomware for web servers, the malware directly eliminates the web folder of the compromised server. Malware researchers believe that this threat is still at large, and it may make copies of the web folder on the C&C (Command and Control) servers of the people behind it.
The Fairware virus demands it’s victim to pay the sum of 2 BTC (Approximately 1200 US dollars).
Fairware Ransomware – More Information
According to victims’ reports, the deletion of the web folder resulted in their websites being down. Not only this but also a ransom note was left in the root folder of their Linux OS’s. The ransom note left behind does not directly notify users. Instead it has a URL web link that leads to it, along with a brief request to open it.
The file is named READ_ME.txt and it’s requesting is the following:
This URL has been checked, and it does not contain any viruses. However it has the following payment instructions to convert money into the crypto currency BitCoin and pay the 2 BTC ransom payoff requested by the crooks.
The instructions set by Fairware ransomware are the following:
Obviously, from the ransom instructions above it is clear that the cyber-criminals’ one and only aim is to induce fear into the victims of the virus to pay the ransom. They even use the FBI as a pretext, claiming even the law advises paying the ransom. And if this is not convincing enough, users are also told that the files of their website will be publicly exposed which equals to a direct threat.
Fairware Virus – What Should I Do?
The virus gives two weeks deadline for payment. However, malware researchers strongly advise against paying any ransom money to cyber-criminals for several obvious reasons:
- The virus may have already permanently deleted your website folder.
- You pay money to support criminal activity.
Instead, website administrators are advised to clean their web server from this virus and seek any backups to recover their files.
At the moment, there does not seem to be a viable solution for this virus, but malware researchers and the law is working on catching the people responsible and hence releasing more information. We plan to keep updating this article with new information about the Fairware ransomware threat.