Security Affairs
EU Targets FSB-Linked Hackers in New Sanctions Over Cyber Sabotage|Dutch Nationals Suspected in Odido Hack That Exposed Six Million Customers|Australia Alerts Organizations to Ongoing CMS Exploitation Attacks|Ryuk Ransomware Member Pleads Guilty Over Attacks on U.S. Organizations|Progress Told ShareFile Customers to Pull the Plug on Their Servers. Here’s What We Know.|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 105|Security Affairs newsletter Round 585 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog|Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices|Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|EU Targets FSB-Linked Hackers in New Sanctions Over Cyber Sabotage|Dutch Nationals Suspected in Odido Hack That Exposed Six Million Customers|Australia Alerts Organizations to Ongoing CMS Exploitation Attacks|Ryuk Ransomware Member Pleads Guilty Over Attacks on U.S. Organizations|Progress Told ShareFile Customers to Pull the Plug on Their Servers. Here’s What We Know.|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 105|Security Affairs newsletter Round 585 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog|Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices|Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

B0r0nt0K ransomware demands $75,000 ransom to the victims

The recently discovered B0r0nt0K ransomware infects both Linux and Windows servers and demands $75,000 ransom to the victims. A new piece of ransomware called B0r0nt0K appeared in the threat landscape, it is targeting web sites and demanding a 20 bitcoin ransom to the victims (roughly $75,000). This B0r0nt0K ransomware infects both Linux and Windows servers. […]

B0r0nt0K ransomware

The recently discovered B0r0nt0K ransomware infects both Linux and Windows servers and demands $75,000 ransom to the victims.

A new piece of ransomware called B0r0nt0K appeared in the threat landscape, it is targeting web sites and demanding a 20 bitcoin ransom to the victims (roughly $75,000). This B0r0nt0K ransomware infects both Linux and Windows servers.

The news was first reported by Bleeping Computer, in a BleepingComputer forum post, a user reported the infection of a website running on Ubuntu 16.04. The ransom encrypts all files and renames them by appending .rontok extension to the file names. The user that disclosed the news on the forum was only able to provide the URL of the payment site located at https://borontok.uk/. To access the website the victim have to provide the personal ID.

B0r0nt0K  ransomware

According to the popular malware researcher Michael Gillespie, when the B0r0nt0K ransomware encrypts a file it will base64 the encrypted data.

“The file’s name will also be renamed by encrypting the filename, base64 encoding it, url encoding it, and finally appending the .rontok extension to the new file name. An example of a encrypted file’s name is zmAAwbbilFw69b7ag4G4bQ%3D%3D.rontok.” reported Bleeping Computer.

By accessing the payment site, the user will be presented with a payment page including payment instructions (i.e. Ransom amount, the bitcoin payment address, and the contact email info@botontok.uk). Experts pointed out that the malware author appears to be willing to negotiate the ransom amount.

BleepingComputer analyzed the source code of the payment site and discovered the string “Vietnamese Hacker” in a comment, a circumstance that could suggest that the malware author is Vietnamese.

Further details are reported in the post published on Bleeping Computer.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – B0r0nt0K ransomware, hacking)

[adrotate banner="5"]

[adrotate banner=”13″]