New Ransomware Targets Linux

Wednesday, August 31, 2016 @ 11:08 AM gHale


A new ransomware is focusing on web servers running Linux.

Users resorted to going on a ransomware support site to say someone hacked their servers, removed their website root folders, and left a ransom note behind in the /root folder.

RELATED STORIES
Decrypter Released for New Ransomware
New Ransomware Version Available
Ransomware Decrypters Available
New Ransomware Offers Multiple Versions

The ransom note (READ_ME.txt) contained only the following text: “Hi, please view here: http://pastebin.com/raw/jtSjmJzS for information on how to obtain your files!” Researchers are calling the ransomware FairWare.

The PasteBin link includes a longer ransom note, with more details, asking the user to make a 2 Bitcoin (~$1,150) payment to a Bitcoin wallet, and also providing an email address to get in contact with the attacker.

There is no evidence that FairWare encrypts the user’s files, said Malware analyst and Bleeping Computer founder Lawrence Abrams in a blog post. The attacker may be just uploading the files to a server under his control and holding them for ransom.

On the other hand, FairWare’s author may be deleting files for good and that users might get scammed after paying the ransom. In the attackers expanded ransom note, the FairWare author said he will not answer any questions from victims or requests to prove he stole their files.

In spite of the attacker’s claim of not answering emails, users should attempt to get proof that their files still exist before paying the ransom.

To date there are no payments in the Bitcoin wallet address listed in the ransom note.