A new piece of malware called FairWare Ransomware has appeared. It is aimed at Linux users: the attackers break into a Linux server, delete the web folder, and then demand a ransom of two bitcoins. The victim is told the files will be returned only once the demand is met. The attackers also use social engineering, sharing an article that quotes the FBI as telling users to pay the ransom to get their files back. It is suspected that the attackers are most likely not encrypting the files, as other ransomware does. Instead, they are simply uploading them to a server they control.

Victims only learn of the attack when their websites go down. Once they log in to their Linux servers, they discover that the entire web folder has been moved and that a note called “READ_ME.txt” has been left behind in the folder within root. The note contains the ransom demand, payment instructions, and the social engineering ploy.

The attackers behind FairWare ransomware are using hacked Redis servers to install it. According to an article published by Duo Security, the attackers targeted insecure Redis servers and compromised them in order to install their own SSH key. This allowed them to connect and log in to the hacked server.
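A defensive check for the two conditions described above, written here as an added example (it is not from Duo Security, Bleeping Computer, or this article's author): it flags Redis settings that leave the server reachable without authentication and lists `authorized_keys` entries that are not on an approved list. The function names, sample configurations, and key blobs are constructed placeholders.

```python
import shlex

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def parse_redis_conf(text):
    """Map each directive to the arguments of its last occurrence."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = shlex.split(line)
            conf[parts[0].lower()] = parts[1:]
    return conf

def audit_redis_conf(text):
    """Return findings for settings that leave Redis reachable without auth."""
    conf, findings = parse_redis_conf(text), []
    binds = [a.lstrip("-") for a in conf.get("bind", [])]
    # With no bind directive Redis listens on every interface.
    if not binds or any(a not in LOOPBACK for a in binds):
        findings.append("listens on non-loopback interface")
    if not any(conf.get("requirepass", [])):
        findings.append("no requirepass set")
    if (conf.get("protected-mode") or ["yes"])[0].lower() == "no":
        findings.append("protected-mode disabled")
    return findings

def unexpected_keys(authorized_keys_text, approved_blobs):
    """Return (line_no, line) for entries whose key blob is not approved."""
    hits = []
    for n, line in enumerate(authorized_keys_text.splitlines(), 1):
        s = line.strip()
        if not s or s.startswith("#"):
            continue
        fields = s.split()
        # The base64 blob follows the key type; options may precede the type.
        blob = next((fields[i + 1] for i, f in enumerate(fields[:-1])
                     if f.startswith(("ssh-", "ecdsa-", "sk-"))), None)
        if blob not in approved_blobs:  # non-key lines (blob None) are reported too
            hits.append((n, s))
    return hits

# Constructed samples; key blobs are placeholders, not real keys.
WEAK_CONF = "bind 0.0.0.0\nprotected-mode no\nport 6379\n"
HARDENED_CONF = 'bind 127.0.0.1 -::1\nprotected-mode yes\nrequirepass "constructed-long-secret"\n'
AUTHORIZED_KEYS = ("ssh-ed25519 AAAAEXAMPLEAPPROVEDKEY admin@example\n"
                   "ssh-rsa AAAAEXAMPLEUNKNOWNKEY unknown@example\n")

if __name__ == "__main__":
    print(audit_redis_conf(WEAK_CONF))
    print(audit_redis_conf(HARDENED_CONF))
    print(unexpected_keys(AUTHORIZED_KEYS, {"AAAAEXAMPLEAPPROVEDKEY"}))
```

Run it against the real `redis.conf` and each account's `authorized_keys`, passing the set of key blobs your team has actually issued.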

An investigation carried out by Bleeping Computer revealed that one of the FairWare attackers used an IP address found in Duo Security’s list of attacker IP addresses, which confirms that the attackers were using Redis servers to deploy the ransomware. Above all, there has been no indication so far that the files are encrypted or even backed up anywhere before being deleted. This is what makes it appear to be a scam: the attackers will delete the files and will not return them even after the ransom is paid.

Cyware Publisher