A New B0r0nt0K Ransomware Infects Linux Servers demends for 20 bitcoin to access website

Ransomware

A new ransomware called B0r0nt0 K encrypts the websites of the victim and demands a ransom of 20 bitcoins or about $ 75,000. This ransomware is known to infect Linux servers, but users running Windows can also be encrypted.

This encrypted website was running on Ubuntu 16.04 and all its files were encrypted, renamed and attached to them by the.rontok extension.

Since a sample of the ransomware was not found, there is little other information than what we learned from the files submitted and the payment site. If B0r0nt0 K encrypts a file, it will base64 the encrypted data as shown below, according to Michael Gillespie.

The name of the file will also be renamed by encrypting the file name, encoding it by base64, encoding it by url and finally adding the extension to the file name.rontok. An example of the name of an encrypted file is zmAAwbbilFw69b7ag4G4bQ%3D%3D.rontok

Base64 Encoded Encrypted File

Although the user could not provide a ransom note, he could provide the payment site’s URL at https / borontok.uk. The user will be asked to submit his personal identification when visiting this site.

Once an ID is entered, the user will receive a payment page that includes the amount of the bitcoin ransom, the bitcoin payment address and the email info@botontok.uk that can be used to contact the developers. The ransom demand in this particular case was 20 bitcoins, which is currently about $75,000. However, the developers seem willing to negotiate the price.

SEE ALSO:
Malwarebytes Fileless Ransomware: An emerging threat to the United States

payment-information

Also, anyone can see the hacker embedded comment “Vietnamese Hacker” when examining the source code for the payment site. Although this may indicate that the developer is Vietnamese, it is by no means proof.

B0r0nt0k

Image credit: Bleeping Computers

Total
1
Shares
Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post
Dlink router

D-Link NAS Devices are infected by New Cr1ptT0r Ransomware – This time Embedded Systems targeted

Next Post
Browser attack

New web browser attack (MarioNet attack): Allows hackers to run vulnerable code even after you leave a web page

Related Posts