Fair Ransomware

Posted: December 1, 2020

Fair Ransomware Description

The Fair Ransomware is a file-locking Trojan that targets Windows systems and encrypts their media, such as documents. As a variant of the Makop Ransomware, the Fair Ransomware uses a secure encryption routine and delivers a standardized text note that asks for a ransom to help with data recovery. Users should protect their backups for a safer restoration option for any files and have their favored anti-malware service remove the Fair Ransomware after detection.

A Not-Exactly-Fair Trade of Cash for Services

File-locking Trojans of the Makop Ransomware family make up far less space in the threat landscape relative to other examples, like the STOP Ransomware RaaS or Russia's Scarab Ransomware. While fewer in number, variations on the common theme of Makop Ransomware's encryption attacks will remain just as deadly to the digital media collections of unprotected Windows users. Since late November, a sample in circulation, the Fair Ransomware, delivers more of the same technical extortionist crimes.

The Fair Ransomware's features are a paint-by-numbers replication of prior campaigns from the family, such as the Fireee Ransomware, the Origami Ransomware, the Shootlock Ransomware, or the Zbw

Ransomware – all from the current year. Found solely on Windows systems, it conducts the following attacks:

  • Encrypting digital media (documents, pictures, databases, audio, etc.) with AES and stopping them from opening.
  • Adding extensions consisting of the 'fair' string, a bracketed ID, and a bracketed 'fairexchange' e-mail to the files' names.
  • Creating a stock Notepad TXT file, the universal ransom note of the Makop Ransomware family. It offers the threat actor's data recovery service in grammatically poor English but provides no price.

Although some versions of the Makop Ransomware also will delete the Restore Points, malware analysts have yet to confirm it here. Still, its encryption routine is secure, as usual, and users have limited options for restoring any blocked files without a preserved backup, such as a cloud service or a detached storage device.

Once Again, Gamers Rescue a Trojan's Campaign

Makop Ransomware's family is specific to Windows, thanks to the .NET Framework requirement that it shares with many other families of file-locker Trojans. Although threats of this type can circulate in numerous ways, malware experts see revealing details in current database cases of the Fair Ransomware. The Fair Ransomware installers use copyright information that suggests that the program is a 'profile manager' for Egosoft video games – a prominent space sim developer. The implication is that the threat actor is persuading video game pirates into downloading a fake activator for acquiring the game for free.

Software piracy, cheat engines, and other illicit downloads are a hotbed of file-locker Trojans and other threats. In many circumstances, malware analysts link the distribution of such tactics to torrent networks. Still, users also may experience them on threatening or poorly-maintained file-sharing websites devoted to freeware. Users always should scan their downloads before opening them when it comes to EXE or executable files, particularly, and be wary of unofficial programs that aren't endorsed by reputable organizations or companies.

There is a semiregular issue of some AV vendors characterizing the Fair Ransomware's family as Phobos Ransomware variants, a similar group of threats mistakenly. This problem in no way impedes the threat-detection or uninstall process, and productive Windows security products should delete the Fair Ransomware upon detection.

The Fair Ransomware is in no way fair to those whom it attacks, by offering a questionable ransom in exchange for data recovery that may not even work as the attacker promises. However, like most recycled Trojans, it's more threatening to the poorly-prepared and those surfing the Web unsafely than responsible Internet citizenry.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Fair Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Related Posts

Home Malware Programs Ransomware Fair Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.