- Newly discovered ransomware dubbed ‘B0r0nt0k’ encrypts victims’ web sites and demands a ransom payment of 20 bitcoin, which is worth $75000.
- This ransomware currently infects Linux servers but may also have the ability to encrypt Windows servers.
Researchers uncovered new ransomware dubbed B0r0nt0K which encrypts victim's web sites and demands a ransom payment of 20 bitcoin, which is worth $75,000. Researchers noted that B0r0nt0K ransomware currently infects Linux servers, but may also have the ability to encrypt users running Windows.
Worth noting - In a forum post, a user stated that his client’s web site running on Ubuntu 16.04 was encrypted with the B0r0nt0k ransomware. B0r0nt0k infected web site’s files were all encrypted, renamed, and appended to the .rontok extension. The user also attached the bitcoin address in the forum post.
A security researcher named Michael Gillespie noted that B0r0nt0k ransomware encrypted files will be renamed, base64 encoded, URL encoded, and appended to the .rontok extension.
- The researcher visited the payment site, provided by the user.
- Upon visiting the payment site, the user will be asked to enter his personal ID.
- Upon entering the personal ID, the user will be redirected to a payment page which includes the ransom payment amount, bitcoin address, and the attackers’ email id (info@botontok[.]uk).
The bottom line - The attacker behind the B0r0nt0k ransomware might be a Vietnamese hacker.
- Upon examining the source code of the payment site, the researcher observed a ‘Vietnamese hacker’ embedded comment.
- This indicates that the attacker behind the B0r0nt0k ransomware might be Vietnamese. However, there’s no strong evidence to support this.
“When examining the source code for the payment site, BleepingComputer noticed the "Vietnamese Hacker" embedded comment. While this could indicate that the developer is Vietnamese, this is by no means proof,” BleepingComputer noted in a blog.