
Fair Ransomware

Posted: December 1, 2020

The Fair Ransomware is a file-locking Trojan that targets Windows systems and encrypts their media, such as documents. As a variant of the Makop Ransomware, the Fair Ransomware uses a secure encryption routine and delivers a standardized text note that asks for a ransom to help with data recovery. Users should protect their backups so that they have a safer restoration option for their files, and have their favored anti-malware service remove the Fair Ransomware after detection.

A Not-Exactly-Fair Trade of Cash for Services

File-locking Trojans of the Makop Ransomware family make up far less space in the threat landscape relative to other examples, like the STOP Ransomware RaaS or Russia's Scarab Ransomware. While fewer in number, variations on the common theme of Makop Ransomware's encryption attacks will remain just as deadly to the digital media collections of unprotected Windows users. Since late November, a sample in circulation, the Fair Ransomware, delivers more of the same technical extortionist crimes.

The Fair Ransomware's features are a paint-by-numbers replication of prior campaigns from the family, such as the Fireee Ransomware, the Origami Ransomware, the Shootlock Ransomware, or the Zbw Ransomware, all from the current year. Found solely on Windows systems, it conducts the following attacks:

  • Encrypting digital media (documents, pictures, databases, audio, etc.) with AES and stopping them from opening.
  • Adding extensions consisting of the 'fair' string, a bracketed ID, and a bracketed 'fairexchange' e-mail to the files' names.
  • Creating a stock Notepad TXT file, the universal ransom note of the Makop Ransomware family. It offers the threat actor's data recovery service in grammatically poor English but provides no price.

Although some versions of the Makop Ransomware also will delete the Restore Points, malware analysts have yet to confirm it here. Still, its encryption routine is secure, as usual, and users have limited options for restoring any blocked files without a preserved backup, such as a cloud service or a detached storage device.
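The renaming behavior in the list above is a usable triage indicator. The following is an added example, not code from the original article or from any vendor: it flags file names whose appended tail carries all three listed markers (the 'fair' string, a bracketed ID, and a bracketed 'fairexchange' e-mail) and recovers the original name. The article does not state the order of the markers, so any order is accepted; the ID value, e-mail domain, and paths in the sample are constructed.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Appended tail: dot-separated components that are either "fair" or "[...]".
TAIL = re.compile(r"((?:\.(?:fair|\[[^\[\]]+\]))+)$", re.I)
BRACKETED = re.compile(r"\[([^\[\]]+)\]")

def parse_fair_name(filename):
    """Return (original_name, victim_id, contact), or None if any marker is missing."""
    m = TAIL.search(filename)
    if not m:
        return None
    tail = m.group(1)
    tokens = BRACKETED.findall(tail)
    # Look for the bare 'fair' component once bracketed tokens are stripped.
    has_fair = re.search(r"\.fair(?=\.|$)", BRACKETED.sub("", tail), re.I)
    contact = next((t for t in tokens
                    if "@" in t and "fairexchange" in t.lower()), None)
    victim_id = next((t for t in tokens if "@" not in t), None)
    if not (has_fair and contact and victim_id):
        return None  # e.g. a benign "trade.fair" or "report.[draft].docx"
    return filename[:m.start()], victim_id, contact

def triage(paths):
    """Summarize renamed files found in a listing of Windows paths."""
    hits = []
    for p in paths:
        wp = PureWindowsPath(p)
        parsed = parse_fair_name(wp.name)
        if parsed:
            hits.append((str(wp.parent), *parsed))
    return {
        "affected": len(hits),
        "by_dir": Counter(h[0] for h in hits),
        "originals": [h[1] for h in hits],
        "victim_ids": sorted({h[2] for h in hits}),
        "contacts": sorted({h[3] for h in hits}),
    }

# Constructed sample listing (ID and e-mail domain are placeholders).
SUFFIX = ".[0A1B2C3D].[fairexchange@example.invalid]"
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx" + SUFFIX + ".fair",
    r"C:\Users\alice\Documents\notes [v2].txt" + SUFFIX + ".fair",
    r"C:\Users\alice\Pictures\cat.jpg.fair" + SUFFIX,   # markers in another order
    r"C:\Users\alice\Documents\trade.fair",             # benign: no ID or e-mail
    r"C:\Users\alice\Documents\report.[draft].docx",    # benign: brackets mid-name
]
```

Running `triage(SAMPLE)` reports which directories were hit and which original names to look for in backups; more than one value in `victim_ids` would suggest separate infections.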

Once Again, Gamers Rescue a Trojan's Campaign

Makop Ransomware's family is specific to Windows, thanks to the .NET Framework requirement that it shares with many other families of file-locker Trojans. Although threats of this type can circulate in numerous ways, malware experts see revealing details in current database cases of the Fair Ransomware. The Fair Ransomware installers use copyright information that suggests that the program is a 'profile manager' for Egosoft video games – a prominent space sim developer. The implication is that the threat actor is persuading video game pirates into downloading a fake activator for acquiring the game for free.

Software piracy, cheat engines, and other illicit downloads are a hotbed of file-locker Trojans and other threats. In many circumstances, malware analysts link the distribution of such tactics to torrent networks. Still, users also may experience them on threatening or poorly-maintained file-sharing websites devoted to freeware. Users should always scan their downloads before opening them, particularly EXE or other executable files, and be wary of unofficial programs that aren't endorsed by reputable organizations or companies.

There is a semiregular issue of some AV vendors mistakenly characterizing the Fair Ransomware's family as variants of the Phobos Ransomware, a similar group of threats. This problem in no way impedes the threat-detection or uninstall process, and productive Windows security products should delete the Fair Ransomware upon detection.

The Fair Ransomware is in no way fair to those whom it attacks, by offering a questionable ransom in exchange for data recovery that may not even work as the attacker promises. However, like most recycled Trojans, it's more threatening to the poorly-prepared and those surfing the Web unsafely than responsible Internet citizenry.
