B0r0nt0K is a ransomware variant targeting Linux servers, and possibly could be used to encrypt files on Windows systems as well. One known victim was running Ubuntu 16.04 and had its files encrypted and appended with .rontok. According to researcher Michael Gillespie, after a file is encrypted, it is base64 encoded. The website provided to the victim to be used for payment is https://borontok[.]uk. The site allows the victim to enter their unique user ID to determine their ransom amount, the bitcoin payment address, and an email that can be used to contact the threat actors. In one case, the ransom demand was 20 bitcoin, or approximately $75,000.

Technical Details and Reporting

  • Bleeping Computer provides details of this ransomware variant here.