New B0r0nt0K ransomware roughs up Linux servers

Linux servers and possibly Windows-based machines as well are susceptible to a newly discovered ransomware called B0r0nt0K that encrypts affected data with a base64 algorithm.

Bleeping Computer reported the threat on Sunday after one of its forum visitors published a post about a client whose website's web server was infected. The server, which runs on Ubuntu 16.04, had its files encrypted and renamed with a .rontok extension appended to them.

According to the forum post, the attackers were asking for an exorbitant ransom payment of 20 bitcoins, which on Feb. 25 was worth around $76,000.

Bleeping Computer creator Lawrence Abrams reports that neither a sample of the ransomware nor the ransom note was available to study, but analysts did have a look at some encrypted files and the payment site, which is located at https://borontok.uk/.

Victims who visit the site are asked to submit their personal ID, after which they are directed to another page that contains the ransom amount, the bitcoin payment address and an email address for contacting the developers.

Bradley Barth

As director of community content at CyberRisk Alliance, Bradley Barth develops content for SC Media online conferences and events, as well as video/multimedia projects. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.