Threat Management, Malware, Network Security, Ransomware

New B0r0nt0K ransomware roughs up Linux servers

February 26, 2019

Linux servers and possibly Windows-based machines as well are susceptible to a newly discovered ransomware called B0r0nt0K that encrypts affected data with a base64 algorithm.

Bleeping Computer reported the threat on Sunday after one of its forum visitors published a post about a client whose website web server was infected. The server, which runs on Ubuntu 16.04, had its files, encrypted and renamed with a .rontok extension appended to them.

According to the forum post, the attackers were asking for an exorbitant ransom payment of 20 bitcoins, which on Feb. 25 was worth around $76,000.

Bleeping Computer creator Lawrence Abrams reports that neither a sample of the ransomware or ransom note was available to study, but analysts did have a look at some encrypted files and the payment site, which is located at https://borontok.uk/.

Victims who visit the site are asked submit their personal ID, after which they are directed to another page that contains the ransom amount, the bitcoin payment address and an email to contact the developers.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Learn More

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Ransomware

Mounting ransomware gang prevalence met with decline in victimization

SC StaffJuly 11, 2025

Despite a year-over-year and quarter-over-quarter increase in active ransomware operations, organizations claimed to have been compromised by ransomware gangs have dropped by 22.9% between the first and second quarter of 2025, reports CRN.

Vulnerability Management

Widespread automobile hacking likely with PerfektBlue Bluetooth bugs

SC StaffJuly 11, 2025

BleepingComputer reports that Volkswagen, Skoda, and Mercedes-Benz vehicles have had their OpenSynergy BlueSDK Bluetooth stack impacted by a quartet of low- to high-severity vulnerabilities that could be chained to facilitate a PerfektBlue attack leading to remote code execution and infotainment systems compromise.

Crypto Trading theme with blurred city abstract lights background

Threat Intelligence

Ongoing crypto draining scheme involves startup impersonation

SC StaffJuly 11, 2025

Artificial intelligence, Web3, social media, and gaming firms have been spoofed to facilitate the deployment of cryptocurrency draining malware on Windows and macOS systems as part of a social engineering campaign that has been underway since March 2024, The Hacker News reports.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

New B0r0nt0K ransomware roughs up Linux servers

An In-Depth Guide to Network Security

Related

Mounting ransomware gang prevalence met with decline in victimization

Widespread automobile hacking likely with PerfektBlue Bluetooth bugs

Ongoing crypto draining scheme involves startup impersonation

Related Events

The invisible layer: Why AI-powered application security can’t be an afterthought

Bridging the Gap: Turning Threat Intelligence into Operational Security Outcomes

Cloud Detection and Response (CDR): Essential strategies and solutions

Get daily email updates