[hx1997]

Hi,

A user on a Chinese forum complained of being infected by some ransomware calling itself FAIRWARE: https://www.v2ex.com/t/302088

Ransom note uploaded here: http://pastebin.com/raw/jtSjmJzS

Is this a new family or just variant of some known ransomware? Did anyone happen to see its sample?

[CloneRanger]

Re - fairware@sigaint.org in the ransom.

As soon as i saw sigaint.org it immediately rang a bell ! Here's where i remember seeing it listed - https://citizenlab.org/2016/08/million- ... -group-uae

Of course it "could" just be a concidence that the same @ is being used ? Hopefully others can look deeper into it, and post their findings, on here and/or elsewhere ;)

[hx1997]

Re - fairware@sigaint.org in the ransom.

A quick Google search revealed that sigiant.org is a darknet email service capable of sending mails to .onion addresses. Thus they could be just unrelated. Still, thanks for the info!

[CloneRanger]

darknet email service, so it is just a coincidence then, Thanx, & for the link. Good catch !

[waffles2.0]

A quick google turns out to be rather informative with many recent articles on the fairware ransomware.

http://www.bleepingcomputer.com/news/se ... computers/
http://www.securityweek.com/fairware-ra ... ux-servers