
Web site offline? New server-focused FAIRWARE Ransomware could be why

  • Posted on: September 1, 2016
  • Posted in: Ransomware
  • Posted by: Steve Neville
Staying updated about current security threats can help ensure protection for the future.

In a time of non-stop news stories about ransomware, a new variant called FAIRWARE is attacking Linux-based servers running web sites.

The attack was first reported in a post on Bleeping Computer’s forum, where victims say they believe their machines were brute-forced to gain access. Once on the server, the attackers purportedly encrypt and remove the contents of the web folder, deleting the original files and leaving a message that demands a ransom payment of two Bitcoins in return for the files. Of course, removing the contents of the www folder renders the web server unusable, which would be a major issue for mission-critical web applications. Victims are warned that if they don’t pay the ransom within two weeks, they won’t get their files back and the files may be leaked publicly.

It’s still unclear whether the FAIRWARE ransomware developer actually takes the files off the server before deleting them, or whether the claim is simply a ploy to get victims to pay a ransom. To date, no one has paid the ransom to the Bitcoin wallet defined in the note left behind, but with valuable data at risk, there will be a strong desire for a victim to try to recover the data by paying the ransom.

Although we have seen a few forms of server-focused ransomware in the past (SAMSAM is a recent variant that leveraged a JBOSS vulnerability), FAIRWARE is a good reminder that there is no silver bullet when it comes to protecting your organization from ransomware. While the majority of attacks are focused on the end user, your servers run your mission-critical applications and store sensitive enterprise data, and they need to be protected as part of a layered security strategy.

An effective server security solution, such as Trend Micro Deep Security, can protect your servers across the hybrid cloud from attack with a wide range of security controls, including helping with:

  • Early detection of an attack, including brute-force attempts like those used by FAIRWARE and lateral movement from server to server, enabling immediate action to be taken to minimize the potential impact.
  • Shielding your servers from attacks (like SAMSAM) that leverage a vulnerability to gain a foothold on the server.
  • Protecting enterprise file servers—which house large volumes of valuable corporate data—from attack via a compromised end user, alerting administrators and stopping suspicious activity in its tracks.
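To make the brute-force detection point concrete, here is an added example (not part of the original post and not Trend Micro code) that flags a successful login preceded by a burst of failures from the same source address. It assumes the brute-forced service is SSH with password logins and OpenSSH-style syslog lines, which the post does not state; the log lines, threshold and time window are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style auth log lines (documentation IP ranges, not real data).
SAMPLE_LOG = """\
Sep  1 03:10:01 web01 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Sep  1 03:10:04 web01 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Sep  1 03:10:09 web01 sshd[815]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Sep  1 03:10:15 web01 sshd[819]: Failed password for root from 203.0.113.7 port 40131 ssh2
Sep  1 03:10:22 web01 sshd[823]: Failed password for root from 203.0.113.7 port 40140 ssh2
Sep  1 03:10:31 web01 sshd[827]: Accepted password for root from 203.0.113.7 port 40152 ssh2
Sep  1 08:02:10 web01 sshd[990]: Failed password for deploy from 198.51.100.20 port 51514 ssh2
Sep  1 08:02:18 web01 sshd[990]: Accepted password for deploy from 198.51.100.20 port 51514 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")

def find_bruteforce_logins(log_text, threshold=5,
                           window=timedelta(minutes=10), year=2016):
    """Return (ip, user, time) for every accepted login that follows at least
    `threshold` failed logins from the same address within `window`."""
    failures = defaultdict(deque)   # source ip -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        recent = failures[m["ip"]]
        while recent and ts - recent[0] > window:
            recent.popleft()        # drop failures older than the window
        if m["result"] == "Failed":
            recent.append(ts)
        elif len(recent) >= threshold:
            alerts.append((m["ip"], m["user"], ts))
            recent.clear()
    return alerts

if __name__ == "__main__":
    for ip, user, when in find_bruteforce_logins(SAMPLE_LOG):
        print(f"possible brute-forced login: {user} from {ip} at {when}")
```

A hit from this check is a reason to review what that session did next, in particular any bulk deletion under the web root.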

As a part of our commitment to helping our customers with the challenges of ransomware, we’ve put together some useful advice and tools based on our extensive experience with this type of threat. You can also listen in to an insightful Webinar from experts that will provide you with practical advice on what you should be doing to protect your organization.

 
