Researchers uncovered new ransomware dubbed B0r0nt0K which encrypts victim's web sites and demands a ransom payment of 20 bitcoin, which is worth $75,000. Researchers noted that B0r0nt0K ransomware currently infects Linux servers, but may also have the ability to encrypt users running Windows.
Worth noting - In a forum post, a user stated that his client’s web site running on Ubuntu 16.04 was encrypted with the B0r0nt0k ransomware. B0r0nt0k infected web site’s files were all encrypted, renamed, and appended to the .rontok extension. The user also attached the bitcoin address in the forum post.
A security researcher named Michael Gillespie noted that B0r0nt0k ransomware encrypted files will be renamed, base64 encoded, URL encoded, and appended to the .rontok extension.
The bottom line - The attacker behind the B0r0nt0k ransomware might be a Vietnamese hacker.
“When examining the source code for the payment site, BleepingComputer noticed the "Vietnamese Hacker" embedded comment. While this could indicate that the developer is Vietnamese, this is by no means proof,” BleepingComputer noted in a blog.