Ransomware

New B0r0nt0K ransomware roughs up Linux servers

Linux servers and possibly Windows-based machines as well are susceptible to a newly discovered ransomware called B0r0nt0K that encrypts affected data with a base64 algorithm.

Bleeping Computer reported the threat on Sunday after one of its forum visitors published a post about a client whose website's web server was infected. The server, which runs on Ubuntu 16.04, had its files encrypted and renamed with a .rontok extension appended to them.

According to the forum post, the attackers were asking for an exorbitant ransom payment of 20 bitcoins, which on Feb. 25 was worth around $76,000.

Bleeping Computer creator Lawrence Abrams reports that neither a sample of the ransomware nor the ransom note was available to study, but analysts did have a look at some encrypted files and the payment site, which is located at https://borontok.uk/.

Victims who visit the site are asked to submit their personal ID, after which they are directed to another page that contains the ransom amount, the bitcoin payment address and an email address for contacting the developers.
