FairWare Ransomware Strikes Linux Systems, Deletes Files, Demands Bitcoin Payment
If you operate a Web server that runs on Linux, we're here to give you a bit of a prod in case you haven't updated it in a while. A piece of ransomware called FairWare is floating around, and as you'll soon see, its name is ironic as it's anything but "fair".
Reports are coming in of users who have been struck with this awful type of malware, although it doesn't seem clear at this point exactly how the infection takes place. It's also not clear if this is some sort of automated attack -- one that simply scans the internet at large and infects where it can -- or if the attacks are focused. Either way, if you are hit with it, you are in for a bad day.
Once infected, you'll notice that you no longer have an operational website. Your Web folder on the server will be deleted, and a readme file placed there will refer you to a PasteBin file which explains what happened. The demand: to have the user send 2 Bitcoin (~$1,150 USD) to a specified address or risk having their files leaked to the internet.
Many times, these threats have very little teeth, but many are unlikely to take a chance. Unfortunately, this attack is bound to affect people who don't have the best backup schemes in place. If a good backup is in place, it means that this ransom would have very little affect on the server owner: they could just install the OS fresh, restore from backup, and monitor the situation. That's a lot better than shelling out $1,150 to thieves (who might not actually still have your data).
If FairWare continues to affect more servers, we're bound to learn more about how it infects a server and what people can do to remedy it. However, this story should once again highlight the importance of backups. If you don't understand how to setup a good, reliable backup scheme, you need to head to Google or ask people who know. You can't be put in a situation where you owe ransom for your data.
Furthermore, this is also a good reminder to keep your servers up-to-date, as the longer you go without updating, the greater the chance of your server becoming compromised.