fairware New FairWare Ransomware targeting Linux Computers

[vissha]

New FairWare Ransomware targeting Linux Computers

 

 

A new attack called FaireWare Ransomware is targeting Linux users where the attackers hack a Linux server, delete the web folder, and then demand a ransom payment of two bitcoins to get their files back. In this attack, the attackers most likely do not encrypt the files, and if they do retain the files, probably just upload it to a server under their control.

 

Victims have reported that they first learned about this attack when they discovered their web sites were down. When they logged into their Linux servers, they discovered that the web site folder had been removed and a note called READ_ME.txt was left in the /root/ folder. This note contains a link to a further ransom note on pastebin.

 

The content of the READ_ME.txt file is:

 

Quote

Hi, please view here: http://pastebin.com/raw/jtSjmJzS for information on how to obtain your files!

 

The ransom note on pastebin requests that the victim pay two bitcoins to the bitcoin address 1DggzWksE2Y6DUX5GcNvHHCCDUGPde8WNL within two weeks to get their files back. They are also told that they can email [email protected] with any questions.

 

The full content of this ransom note is:

 

Quote

YOUR SERVER HAS BEEN INFECTED BY FAIRWARE | YOUR SERVER HAS BEEN INFECTED BY FAIRWARE

 

Hi,

 

Your server has been infected by a ransomware variant called FAIRWARE.

You must send 2 BTC to: 1DggzWksE2Y6DUX5GcNvHHCCDUGPde8WNL within 2 weeks from now to retrieve your files and prevent them from being leaked!

 

We are the only ones in the world that can provide your files for you!

When your server was hacked, the files were encrypted and sent to a server we control!

 

You can e-mail [email protected] for support, but please no stupid questions or time wasting! Only e-mail if you are prepared to pay or have sent payment! Questions such as: "can i see files first?" will be ignored.

 

We are business people and treat customers well if you follow what we ask. FBI ADVISE FOR YOU TO PAY: https://www.tripwire.com/state-of-security/latest-security-news/ransomware-victims-should-just-pay-the-ransom-says-the-fbi/

 

HOW TO PAY:

 

You can purchase BITCOINS from many exchanges such as:

http://okcoin.com

http://coinbase.com

http://localbitcoins.com

http://kraken.com

 

When you have sent payment, please send e-mail to [email protected] with:

 

1) SERVER IP ADDRESS

2) BTC TRANSACTION ID

 

and we will then give you access to files, you can delete files from us when done

 

Goodbye!

 

At this time it is unknown of the attacker actually retains the victim's files and will return them after ransom payment. Though all ransomware victims should avoid paying a ransom, if you do plan on paying, it is suggested you verify they have your files first.

 

Source

[pc71520]

Wow!

If Linux Servers are hacked, then...