BorontoK Ransomware Wants $75,000 Ransom, Infects Linux Servers

It has been reported that a new ransomware called BorontoK is encrypting victims’ websites and demanding a ransom of 20 bitcoin, or approximately $75,000. This ransomware is known to infect Linux servers, but may also be able to encrypt files for users running Windows. In a BleepingComputer forum post, a user stated that a client’s website was encrypted with the new B0r0nt0K Ransomware. The affected website was running on Ubuntu 16.04; all of its files were encrypted and renamed, with the .rontok extension appended to them.

Gavin Millard, VP of Intelligence at Tenable: 

“It’s difficult to know for certain how many have fallen victim to B0r0nt0k, however the bitcoin wallet currently has zero transactions. Criminals tend to set the ransom at a palatable level where it’s often easier or cost-effective to pay instead of having to spend time restoring items from backup. In this case, either the ransomware was intended to be far more corrosive, thereby warranting the large fee, or the threat actor has another motive for infecting users – for example, the malware is a test bed for a future attack. Time will tell.

“Ransomware ranges from an annoying inconvenience to a major incident but in the majority of cases can be avoided. These programs typically exploit a known vulnerability to infect. Organisations must close the holes that these infections crawl through by practising basic cyber hygiene to address their Cyber Exposure. They must focus on good visibility into what assets are connected to their networks, determine where they’re vulnerable to popular attack vectors leveraged by ransomware authors and then either patch or protect assets that matter.”