Typically, people running some flavor of Linux have little to fear from the hacking community. By and large, Linux users have been ignored or passed by in favor of other targets. Unfortunately, not even Linux users are safe anymore. There’s a new ransomware variant making the rounds called “Fairware,” and it is specifically targeting Linux users.
Most people who run Linux use it to host their own websites, or do other kinds of development work. It’s an ideal OS for those purposes, and the hackers are striking right at the heart of this part of the ecosystem.
The first indication of trouble that most of Fairware’s victims see is that the website they host mysteriously goes down. When they log on to find out why, they discover that the entire web folder is missing, having been deleted from the system. In its place, there’s a simple text file labeled “Read Me,” which explains that Fairware has deleted the folder, and all the data it contained, and if the user wants his files back, he’ll need to send a payment of 2 Bitcoins to the address in the text file.
It gets worse, however. It has been discovered that this malware is being distributed using hacked Redis servers, and there is no indication that the malware is actually making a copy of the deleted files, or taking any steps to back the data up. It’s simply gone, so if you don’t have a backup copy, you’ve lost the data. To add insult to injury, you’re also out the two Bitcoins if you pay the fee to get your files back.
So far, Fairware attacks have been few and far between, but the fact that they’re happening at all should sound alarm bells and put Linux users on notice to start guarding against this kind of attack. Be sure you’ve got a good backup system in place, just in case.