Menu
New ransomware threat deletes files from Linux web servers

New ransomware threat deletes files from Linux web servers

Attackers claim the files are first encrypted and uploaded to a server under their control

A destructive ransomware program deletes files from web servers and asks administrators for money to return them, though it's not clear if attackers can actually deliver on this promise.

Dubbed FairWare, the malicious program is not the first ransomware threat to target Linux-based web servers but is the first to delete files. Another program called Linux.Encoder first appeared in November and encrypted files, but did so poorly, allowing researchers to create recovery tools.

After attackers hack a web server and deploy FairWare, the ransomware deletes the entire web folder and then asks for two bitcoins (around US$1,150) to restore them, Lawrence Abrams, the founder of tech support forum BleepingComputer.com, said in a blog post.

In the ransom note left on the server, attackers claim that before being deleted from the targeted server, the files were first encrypted and uploaded to another server under their control.

"We are the only ones in the world that can provide your files for you!" the ransom note reads. The payment must be made within two weeks, the note says.

There is no evidence yet that attackers actually have copies of the deleted files, so users should think twice before paying. The ransom note includes a contact email address but says questions like "can I see files first?" will be ignored.

Many server operators may decide not to pay because websites typically have backup routines in place. Many web hosting providers also include daily or weekly backups as part of their service.

Webmasters who run their own web servers should keep in mind that backups must be saved to an offsite location, not on the production server where they can be affected by a potential server compromise.

Even with backups available, a ransomware infection should be cause for concern and should prompt the server administrator to investigate the weakness that allowed the server incident to occur in the first place. Possible causes include vulnerabilities in the website or stolen administrative credentials.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments