FairWare Ransomware Targets Linux Servers to Delete Files and Demand Thousand-Dollar Ransom

Posted: August 30, 2016

Ransomware has been on the move lately, with new threats popping up just about every day. Emerging ransomware has become exceptionally sophisticated: some threats connect to command and control (C&C) servers to download other malware or to receive new instructions for carrying out malicious activities on the infected computer.

Taking on a new face altogether is destructive ransomware that deletes files from web servers and then demands money to restore them. A new ransomware called FairWare is actively targeting Linux-based web servers, deleting files on the server and then requiring payment to get the files back. Researchers, however, are not sure whether the ransomware will uphold its promise of restoring the deleted files once payment is made.

FairWare ransomware infects Linux servers and then relays a notification to the operator or webmaster demanding a Bitcoin payment of $1,150 to restore the files that it claims to have deleted. Looking into the steps that FairWare takes, it is found to first encrypt the files and upload them to another server before deleting them from the victimized server. The server that then stores the files is under the control of the authors of FairWare, who claim in the ransom notification that "We are the only ones in the world that can provide your files for you!"

So far, there have been no findings that FairWare actually retains copies of the files it claims to have deleted from an infected Linux server. Therefore, paying the ransom fee of $1,150 may not prompt the authors of FairWare to restore the deleted files. Moreover, emailing the provided contact may be useless, as the perpetrators will not answer any questions other than those related to setting up a Bitcoin payment.

Other ransomware has followed the same path as FairWare, with the exception of attacking Linux servers. Server operators who have had one of their systems victimized by FairWare will more than likely opt out of paying the ransom, as it is common for server webmasters to back up their data often, sometimes daily. All they would have to do is wipe the server clean and restore their files from a backup.

One thing to note about ransomware like FairWare that attacks Linux servers is that it is prudent for server operators to store their backups at an offsite location; otherwise they run the risk of having the backup data deleted along with the other files. Additionally, investigating the vulnerability in the server that allowed FairWare to infiltrate the system should be a priority to prevent future infections. Such an intrusion could also lead to data being stolen, including sensitive information.
