Fairware: The ‘Punny’ Ransomware

It is beyond our understanding how on Earth can one possibly utter the words ‘Fair’ and ‘Ransomware’ in the same breath. Experts at BleepingComputer.com apparently don’t. They have dubbed the most recent Ransomware as ‘Fairware’. Pun/Sarcasm, anyone?

Beginnings

The first instance of a ‘Fairware’ attack was posted on a BleepingComputer Forum. According to the victim, the hackers somehow intercepted the password on his Linux machine and logged on to Linux servers for the website. Fairware then deleted the relevant web folder and left a ransom note asking for 2 bitcoins ($1,150 approx.) in return for the files. Furthermore, the attackers threatened to release the files to an unknown location, if the victim didn’t pay up in 2 weeks.

Moving on

Fairware basically wipes clean files from web servers. Linux users are particularly vulnerable. However according to latest reports, the Ransomware has spread its wings further. Similar attacks have been perpetrated against servers that hosted publicly accessible Redis databases. Redis is an open-source data structure server.

After gaining access to the data base, the attackers deleted several directories, including the root directory where websites are stored and left behind a ransom note demanding bitcoins.

The Twist

Unlike the stereotypical ‘Cryto Lockers’, no evidence has been found to suggest that Fairware encrypts i.e. locks users’ data files. Actually, they attackers don’t need to either. They can simply upload the deleted files to the servers they have gained control over. In addition, this might be one of those instances when the files have been deleted for good and users might not be able to get them back even after paying the ransom.

A Rude Note

The author(s) of Fairware categorically states that he/she won’ entertain questions. Below is a verbatim account of the ransom note flashed to victims (emphasis our own):

“We are the only ones in the world that can provide your files for you! When your server was hacked, the files were encrypted and sent to a server we control!
You can e-mail fairware@sigaint.org for support, but please no stupid questions or time wasting! Only e-mail if you are prepared to pay or have sent payment! Questions such as: ‘can i see files first?’ will be ignored. We are business people and treat customers well if you follow what we ask.”

Meanwhile…

Fairware is not the only Ransomware to have broken out over the last couple of weeks. Here’s a list of the most recent Ransomware starins:

1.RAA Ransomware: The first strain appeared in June this year. A new variant was reported as recently as on August 29 by a man going by the Twitter Handle Antelox.

2. Fabiansomware: Criminals won’t stop. Neither would Crime fighters! Emsisoft security researcher Fabian Wosar has consistently been able to update his master decrypting key for each new variant of Apocalypse Ransomware. Basically he’s been helping victims get their files back without having to pay a ransom. In retaliation, the Apocalypse author named his latest code string as ‘Fabiansomware’ to insult him in late August!

3. Cerber Ransomware: As of August 31, the newer strain adds the extension .Cerber3 for encrypted files.

4.Nullybyte: Bad news for Pokemon Go lovers. This one pretends to be popular Pokemon Go Bot application, NecroBot. But then, as of September 1, a key has already been created by security professionals.

Back to Fairware

Our advice is simple, as always. Why worry about ‘To Pay or Not To Pay’ in the first place?

Just follow the basics and keep your data safe. Create Back Ups!

Ready to get started with Ransomware Protector?

You can download Ransomware Protector by clicking on the button below.

Download Now Free for Personal Use Or
closeicon-new sign-up-free