A new crypto-ransomware threat called B0r0nt0K ransomware is being used to encrypt files on Linux and Windows servers. If you haven’t backed up, you will have to pay a ransom of 20 Bitcoin (around $75,000) to recover your files.
The new threat was reported to Bleeping Computer by a forum user whose client had been attacked with the new ransomware variant and had website files encrypted. The B0r0nt0K ransomware encrypted all files on the site and changed the file extensions to rontok. The server was running Ubuntu 16.04.
So far, no sample of the ransomware has been found, so little is known about the threat. Bleeping Computer reports that the payment site to which victims are directed contains a reference to a ‘Vietnamese hacker’, and a UK email address is provided for contacting the attacker, although it is unclear where the attacker is based.
So far, only one report of a successful attack has been received, so the extent of the campaign is not yet known, and neither is the method used to distribute the ransomware.
Victims are given 3 days to make contact. If no contact is made, the victim is told that all files and databases that have been encrypted will be permanently destroyed.
For many victims, payment of such a large ransom is simply not an option. While there may be scope to negotiate the payment, the figure would have to come down considerably to make payment worthwhile.
As with all ransomware attacks, recovery without paying the ransom demand will require all files to be restored from backups. It is therefore essential to ensure that a viable backup exists to avoid payment or total loss of files.