A new ransomware named FairWare for Linux systems has been identified

Linux administrators have discovered a new ransomware variant called FairWare that targets servers. Affected users have found a ransom note on their hacked servers.

The FairWare ransomware is still unknown to most researchers

System administrators of Linux servers have uncovered a new ransomware variant that infected their hacked systems. The ransom note found on the affected machines names the threat FairWare. The note has been copied to /root/ and all user directories. The reports state that no encrypted files have been discovered yet. However, the ransomware may employ a different strategy than most variants.

Experts speculate that the ransomware might download all server data and upload it to a malicious remote server. As the copy includes sensitive information such as files and account credentials, the criminals behind FairWare may blackmail the system owners to prevent information leakage.

The inspected log files indicate that the criminals have used SSH brute force attacks, and this is the currently known attack method. Concerned users have tried contacting the FairWare developers via email, and so far there has been no response from their side.
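One way to check sshd logs for the pattern described above, repeated failed password attempts from one address followed by a successful login, is sketched here as an added example that is not from the original article or the affected administrators. The log lines are constructed, and the function name and the threshold of 5 are assumptions; the line format is standard OpenSSH syslog output.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH syslog format; addresses are documentation ranges.
SAMPLE_LOG = """\
Aug 29 03:12:01 web1 sshd[2210]: Failed password for root from 203.0.113.7 port 40122 ssh2
Aug 29 03:12:03 web1 sshd[2210]: message repeated 2 times: [ Failed password for root from 203.0.113.7 port 40122 ssh2]
Aug 29 03:12:06 web1 sshd[2214]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Aug 29 03:12:09 web1 sshd[2217]: Failed password for root from 203.0.113.7 port 40141 ssh2
Aug 29 03:12:12 web1 sshd[2219]: Failed password for root from 203.0.113.7 port 40150 ssh2
Aug 29 03:12:15 web1 sshd[2222]: Accepted password for root from 203.0.113.7 port 40163 ssh2
Aug 29 09:30:41 web1 sshd[3101]: Failed password for deploy from 198.51.100.20 port 51514 ssh2
Aug 29 09:30:49 web1 sshd[3101]: Accepted password for deploy from 198.51.100.20 port 51514 ssh2
Aug 29 11:02:10 web1 sshd[3350]: Failed password for invalid user test from 192.0.2.50 port 33100 ssh2
"""

# The user name is attacker-controlled, so the patterns are anchored at the end
# of the line and the greedy (.*) leaves only the final "from IP port N" as source.
FAILED = re.compile(
    r"Failed password for (?:invalid user )?(.*) from (\S+) port \d+ ssh2\]?\s*$")
ACCEPTED = re.compile(
    r"Accepted (?:password|keyboard-interactive/pam) for (.*) from (\S+) port \d+ ssh2\s*$")
# rsyslog collapses identical consecutive lines; ignoring this undercounts failures.
REPEAT = re.compile(r"message repeated (\d+) times: \[")

def brute_force_then_login(log_text, threshold=5):
    """Return (ip, user, failures) for each password login that was preceded
    by at least `threshold` failed password attempts from the same address."""
    failures = defaultdict(int)
    hits = []
    for line in log_text.splitlines():
        if "sshd[" not in line:
            continue
        rep = REPEAT.search(line)
        count = int(rep.group(1)) if rep else 1
        m = FAILED.search(line)
        if m:
            failures[m.group(2)] += count
            continue
        m = ACCEPTED.search(line)
        if m and failures[m.group(2)] >= threshold:
            hits.append((m.group(2), m.group(1), failures[m.group(2)]))
    return hits

if __name__ == "__main__":
    for ip, user, n in brute_force_then_login(SAMPLE_LOG):
        print(f"{ip} logged in as {user} after {n} failed attempts")
```

A hit here is a lead for incident response, not proof of compromise: review the session that followed and rotate the credentials of the account named in the result.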

It is possible that this is a scam perpetrated by criminals, as no ransomware code has been discovered so far. The administrators have not found any file changes or system process modifications, apart from the creation of the ransom note. The investigation into the issue is ongoing.

The ransom note has the following contents:

YOUR SERVER HAS BEEN INFECTED BY FAIRWARE | YOUR SERVER HAS BEEN INFECTED BY FAIRWARE
Hi,
Your server has been infected by a ransomware variant called FAIRWARE.
You must send 2 BTC to: 1DggzWksE2Y6DUX5GcNvHHCCDUGPde8WNL within 2 weeks from now to retrieve your files and prevent them from being leaked!
We are the only ones in the world that can provide your files for you!
When your server was hacked, the files were encrypted and sent to a server we control!
You can e-mail [email protected] for support, but please no stupid questions or time
wasting! Only e-mail if you are prepared to pay or have sent payment! Questions such as:
"can i see files first?" will be ignored.
We are business people and treat customers well if you follow what we ask.
FBI ADVISE FOR YOU TO PAY: https://www.tripwire.com/state-of-security/latest-security-news/ransomware-victims-should-just-pay-the-ransom-says-the-fbi/
HOW TO PAY:
You can purchase BITCOINS from many exchanges such as:
http://okcoin.com
http://coinbase.com
http://localbitcoins.com
http://kraken.com
When you have sent payment, please send e-mail to [email protected] with:
1) SERVER IP ADDRESS
2) BTC TRANSACTION ID
and we will then give you access to files, you can delete files from us when done
Goodbye!


Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

