Security Market Segment LS
Wednesday, 31 August 2016 10:42

Fairware ransomware for Linux Web servers

By

FairWare was first reported on Bleeping Computer's forum on 27 August with readers looking for information on this potential ransomware. Reports indicated that Linux systems had been penetrated with the website folder being removed and replaced with a ransom note demanding two bitcoins.

“At this time it is unknown if the attacker actually retains the victim's files and will return them after a ransom payment. Though all ransomware victims should avoid paying a ransom if you do plan on paying, it is suggested you verify they have your files first,” wrote Bleeping Computer's Lawrence Abrams.

The ransom note requests that the victim pays two bitcoins within two weeks to get their files back. They are also very helpfully told that they could email fairware@sigaint.org with any questions.

Ransomware/malware for Linux is not common. This attack is aimed fairly and squarely at the Web hosting community as the majority of Web pages are hosted on Linux servers.

This is the first ransomware that “permanently” deletes files and is understood to look for backup files on the server too. It presumably uploads them to the C&C server. On payment, the files are simply copied back.

It is not yet known how the breach occurs. All reports have stated they use well-patched systems, and one even used a 13 mixed alpha/numeric/symbol password. It is possible that it gets in via a content management system (CMS) vulnerability and Wordpress has been mentioned. Vulnerabilities in CMS systems are a whole other issue.

 

NEW OFFER - ITWIRE LAUNCHES PROMOTIONAL NEWS & CONTENT

Recently iTWire remodelled and relaunched how we approach "Sponsored Content" and this is now referred to as "Promotional News and Content”.

This repositioning of our promotional stories has come about due to customer focus groups and their feedback from PR firms, bloggers and advertising firms.

Your Promotional story will be prominently displayed on the Home Page.

We will also provide you with a second post that will be displayed on every page on the right hand side for at least 6 weeks and also it will appear for 4 weeks in the newsletter every day that goes to 75,000 readers twice daily.

POST YOUR NEWS ON ITWIRE NOW!

MITIGATE FRAUD WITH HYLAND’S DIGITAL CREDENTIALING SOLUTION

Some of the most important records are paper-based documents that are slow to issue, easy to fake and expensive to verify.

Digital licenses and certificates, identity documents and private citizen immunity passports can help you deliver security and mobility for citizens’ information.

Join our webinar: Thursday 4th June 12 midday East Australian time

JOIN WEBINAR!

Ray Shaw

joomla stats

Ray Shaw ray@im.com.au  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!

VENDOR NEWS & WEBINARS

REVIEWS

Recent Comments