
New FairWare Ransomware targeting Linux Computers

Discussion in 'Apple, Linux & Unix Security Alerts/News' started by starbuck, Aug 29, 2016.

  1. starbuck

    A new attack called FairWare Ransomware is targeting Linux users where the attackers hack a Linux server, delete the web folder, and then demand a ransom payment of two bitcoins to get their files back.

    In this attack, the attackers most likely do not encrypt the files, and if they do retain the files, probably just upload them to a server under their control.

    Victims have reported that they first learned about this attack when they discovered their web sites were down.
    When they logged into their Linux servers, they discovered that the web site folder had been removed and a note called READ_ME.txt was left in the /root/ folder.
    This note contains a link to a further ransom note on pastebin.

    The content of the READ_ME.txt file is:

    The ransom note on pastebin requests that the victim pay two bitcoins to the bitcoin address 1DggzWksE2Y6DUX5GcNvHHCCDUGPde8WNL within two weeks to get their files back.
    They are also told that they can email fairware@sigaint.org with any questions.

    The full content of this ransom note is:

    At this time it is unknown if the attacker actually retains the victim's files and will return them after ransom payment.
    Though all ransomware victims should avoid paying a ransom, if you do plan on paying, it is suggested you verify they have your files first.

    Source and Credit:
    Lawrence Abrams
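
A triage check for the two host-side indicators the post describes (a READ_ME.txt in /root/ that links to pastebin, and a removed web folder), added here as an example and not part of the original post or the cited article. The function name, the default web root /var/www, the optional prefix for a mounted disk image and the verdict labels are assumptions.

```shell
#!/bin/sh
# Added example: check a host (or a mounted image) for the FairWare
# indicators named in the post. Assumptions, not from the post: the
# function name, the default web root /var/www, and the verdict labels.
#
# Usage: fairware_check [ROOT_PREFIX] [WEBROOT]
#   ROOT_PREFIX  "/" for the live system, or a mount point of an image
#   WEBROOT      path of the web folder as served on that system
# Details go to stderr; one verdict word goes to stdout:
#   LIKELY (both indicators), PARTIAL (one), CLEAN (none), UNKNOWN.
fairware_check() {
    root="${1:-/}"; root="${root%/}"
    webroot="${2:-/var/www}"
    note="$root/root/READ_ME.txt"
    hits=0

    # /root is normally mode 0700: without access the note cannot be
    # seen, so report UNKNOWN instead of a false CLEAN.
    if [ -d "$root/root" ] && [ ! -x "$root/root" ]; then
        echo "cannot search $root/root (run as root)" >&2
        echo "UNKNOWN"
        return 0
    fi

    # Indicator 1: READ_ME.txt in /root/ that references pastebin.
    if [ -f "$note" ]; then
        if grep -qi 'pastebin' "$note"; then
            echo "note found: $(ls -l "$note")" >&2
            hits=$((hits + 1))
        else
            echo "READ_ME.txt present but has no pastebin reference" >&2
        fi
    fi

    # Indicator 2: the web folder is missing or has been emptied.
    if [ ! -d "$root$webroot" ]; then
        echo "web folder missing: $root$webroot" >&2
        hits=$((hits + 1))
    elif [ -z "$(ls -A "$root$webroot" 2>/dev/null)" ]; then
        echo "web folder empty: $root$webroot" >&2
        hits=$((hits + 1))
    fi

    case "$hits" in
        2) echo "LIKELY" ;;
        1) echo "PARTIAL" ;;
        *) echo "CLEAN" ;;
    esac
}
```

A PARTIAL result from a missing web folder alone usually means the WEBROOT argument does not match where the site is actually served from.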
