August 30, 2016
At least three Linux server administrators have complained at the time of writing about a new ransomware variant called FairWare that targets web servers running Linux.
Users, who posted their quandary on a ransomware support thread on the Bleeping Computer forum and the Chinese V2EX Q&A site, said that somebody hacked their servers, removed their website root folders, and left a ransom note behind in the /root folder.
The ransom note (READ_ME.txt) contained only the following text: “Hi, please view here: http://pastebin.com/raw/jtSjmJzS for information on how to obtain your files!”
The PasteBin link includes a longer ransom note, with more details, asking the user to make a 2 Bitcoin (~$1,150) payment to a Bitcoin wallet, and also providing an email address to get in contact with the crook.