- Jan 24, 2011
- 9,378
At least three Linux server administrators have complained at the time of writing about a new ransomware variant called FairWare that targets web servers running Linux.
Users, who posted their quandary on a ransomware support thread on the Bleeping Computer forum and the Chinese V2EX Q&A site, said that somebody hacked their servers, removed their website root folders, and left a ransom note behind in the /root folder.
The ransom note (READ_ME.txt) contained only the following text: "Hi, please view here: http://pastebin.com/raw/jtSjmJzS for information on how to obtain your files!"
The PasteBin link includes a longer ransom note, with more details, asking the user to make a 2 Bitcoin (~$1,150) payment to a Bitcoin wallet, and also providing an email address to get in contact with the crook.
This may be an elaborate scam
Malware analyst and Bleeping Computer founder Lawrence Abrams says there is no evidence that FairWare encrypts the user's files. The crook may be just uploading the files to a server under his control and holding them for ransom.
He also warns that FairWare's author may also be deleting files for good and that users might get scammed after paying the ransom. In the crook's expanded ransom note, which is embedded in full below, the FairWare author says he will not answer any questions from victims or requests to prove he stole their files.
Read more: http://news.softpedia.com/news/new-...ransomware-targets-linux-servers-507740.shtml
Users, who posted their quandary on a ransomware support thread on the Bleeping Computer forum and the Chinese V2EX Q&A site, said that somebody hacked their servers, removed their website root folders, and left a ransom note behind in the /root folder.
The ransom note (READ_ME.txt) contained only the following text: "Hi, please view here: http://pastebin.com/raw/jtSjmJzS for information on how to obtain your files!"
The PasteBin link includes a longer ransom note, with more details, asking the user to make a 2 Bitcoin (~$1,150) payment to a Bitcoin wallet, and also providing an email address to get in contact with the crook.
This may be an elaborate scam
Malware analyst and Bleeping Computer founder Lawrence Abrams says there is no evidence that FairWare encrypts the user's files. The crook may be just uploading the files to a server under his control and holding them for ransom.
He also warns that FairWare's author may also be deleting files for good and that users might get scammed after paying the ransom. In the crook's expanded ransom note, which is embedded in full below, the FairWare author says he will not answer any questions from victims or requests to prove he stole their files.
Read more: http://news.softpedia.com/news/new-...ransomware-targets-linux-servers-507740.shtml
