B0r0nt0K Ransomware Demands 20 Bitcoin (app $75000) from Victims

The newest malware ransomware making news is B0r0nt0K (similar to ‘BorontoK’ only the Os are replaced with 0s). While it has hit at least one Linux server, experts say that it also has the potential to lock up Windows servers. Unfortunately, at the moment there seems to be no B0r0nt0k antivirus defense.

The B0R0nt0k ransomware encrypts all of the files on the affected server, adding the ‘.rontok’ extension to them. In order to decrypt the files, the owner of the website has to cough up 20 Bitcoin (value approximately $75,000 USD).

The site at which one is to pay the ransom, borontok.uk was registered this month, through registrar one.com. However, at the time of this writing, the site had already been taken down.

 

Explains Bleeping Computer, in whose forums the ransomware was first reported, “The file’s name will also be renamed by encrypting the filename, base64 encoding it, url encoding it, and finally appending the .rontok extension to the new file name. An example of a encrypted file’s name is zmAAwbbilFw69b7ag4G4bQ%3D%3D.rontok.”

The original forum post, posted on Friday by Bleeping Computer user ‘magicker’, says, in toto:

B0r0nt0K (Rontok) Ransomware (website encrypted with .rontok)

Hi there

A client of mine had their web site encrypted. Demanding 20 BC (£60 000!!!) for keys (the site cant make that in a decade)

the extension is

.rontok

for which I cant find a single reference on the net.

bc address: 3P8nU1oLe23DtSuzFQMoVJdqcJA6xKnVJC[/size]

the server us (sic) running ubuntu 16.04″

When the victim would go to the borontok.uk site, they would see this image:

borontok.uk botontok.uk
Credit: BleepingComputer.com

Note that the email address to contact them has a typo in it (‘botontok.uk’ instead of ‘borontok.uk’). However, the email address is correct on the subsequent screen to which they are taken after entering the UUID provided by the hacker to the victim.

Read Internet Patrol Articles Right in Your Inbox as Soon as They are Published! Only $1 a Month!
Imagine being able to read full articles right in your email, or on your phone, without ever having to click through to the website unless you want to! Just $1 a month and you can cancel at any time!
Or get notified of new Internet Patrol articles for free!

borontok demand screen
Credit: BleepingComputer.com
b0r0nt0k borontok demand screen
Credit: BleepingComputer.com

Bleeping Computer goes on to say that “Once an ID is entered, the user will be presented with a payment page that includes a the bitcoin ransom amount, the bitcoin payment address, and the info@botontok.uk {Ed. note: the email address on that second screen is actually the correct “info@borontok.uk” email address, not the “info@botontok.uk” email address} email that can be used to contact the developers. In this particular instance, the ransom demand was 20 bitcoins, which is currently equal to approximately $75,000. The developers, though, appear to be willing to negotiate the price.”

That last is based on the fact that at the bottom of that second screen the text includes “Negotiate? Contact: info@borontok.uk”.

Now of course, this may all seem moot given that the borontok.uk website has been shut down. However, there’s nothing stopping the hacker from bringing up a new site and hitting more victims – after all, he just needs one victim to pay up to make it more than worth his while to keep opening new payment websites and to keep doing his dirty work.

So what is the best way to protect yourself against this and other ransomeware?

According to antivirus company Norton, the best ways to protect yourself against ransomware include the obvious (don’t respond to the hacker, don’t give in to the demands, have good antivirus software) and some things that may not be so obvious, such as making sure that all of your software is up to date and all patches are employed (as software holes are one of the easier ways for a hacker to get malware onto your computer).

 

And if you are hit with ransomware, restore your files from the last good backup (which you are making, right?)

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money.That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something help keep the Internet Patrol free?Thank you!

Get notified of new Internet Patrol articles!
People also searched for malware
Summary
B0r0nt0K Ransomware Demands 20 Bitcoin (app $75000) from Victims
Article Name
B0r0nt0K Ransomware Demands 20 Bitcoin (app $75000) from Victims
Description
The newest malware ransomware making news is B0r0nt0K (similar to 'BorontoK' only the Os are replaced with 0s). While it has hit at least one Linux server, experts say that it also has the potential to lock up Windows servers. Unfortunately, at the moment there seems to be no B0r0nt0k antivirus defense.
Author

Leave a Reply

Your email address will not be published. Required fields are marked *