New and Mysterious FairWare Ransomware Targets Linux Servers

August 30, 2016

At least three Linux server administrators have complained at the time of writing about a new ransomware variant called FairWare that targets web servers running Linux.

Users, who posted their quandary on a ransomware support thread on the Bleeping Computer forum and the Chinese V2EX Q&A site, said that somebody hacked their servers, removed their website root folders, and left a ransom note behind in the /root folder.

The ransom note (READ_ME.txt) contained only the following text: “Hi, please view here: for information on how to obtain your files!”

The PasteBin link includes a longer ransom note, with more details, asking the user to make a 2 Bitcoin (~$1,150) payment to a Bitcoin wallet, and also providing an email address to get in contact with the crook.

Read full story…