B0r0nt0K ransomware threatens Linux servers


A new cryptovirus called "B0r0nt0K" has been putting Linux and possibly Windows Web servers at risk of having all of the infected domain's files encrypted. The new ransomware threat and its ransom of 20 bitcoins, about $75,000, first came to light last week, based on a post on Bleeping Computer's user forum. A client's website had all its files encrypted and renamed with the .rontok extension appended to them, the forum user indicated. The website was running on Ubuntu 16.04. The B0r0nt0K ransom note is not displayed in a text file or in the message itself, based on the report. Instead, the screen display on the infected system links to the ransomware developer's website, which delivers details of the encryption and the payment demand. The display includes a personal ID required for logging onto the site. The initial compromise vector in this incident is not yet known, nor has a sample of the malware been obtained by researchers. Without a sample, it is likely that most antivirus products, particularly those that rely on static signatures, will fail to prevent this infection.
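The one concrete indicator the report gives is the appended .rontok extension. The following triage script is an added example, not code from the original article or from any of the researchers it cites: it walks a web root read-only, inventories every file carrying that suffix, recovers the pre-encryption file names so they can be matched against a backup set, and summarises the damage per directory. The sample paths are constructed for the demonstration and are not real indicators from the incident.

```python
"""Read-only triage of a web root for files renamed with the .rontok suffix.

Added example: inventories encrypted files so a restore-from-backup can be
scoped. It never modifies or deletes anything under the scanned root.
"""
import os
import tempfile
from collections import Counter

# Extension the forum report says B0r0nt0K appends to encrypted files.
ENCRYPTED_SUFFIX = ".rontok"

# Constructed sample listing (hypothetical paths) standing in for a
# compromised web root; not taken from the incident.
SAMPLE_PATHS = [
    "var/www/html/index.php.rontok",
    "var/www/html/wp-config.php.rontok",
    "var/www/html/uploads/logo.png.rontok",
    "var/www/html/uploads/.htaccess",
    "var/www/other/readme.txt",
]


def is_encrypted_name(path):
    """True when the file name carries the appended ransomware suffix."""
    return path.endswith(ENCRYPTED_SUFFIX)


def original_name(path):
    """Strip the appended suffix to recover the pre-encryption file name,
    which is the name to look up in the backup set."""
    if not is_encrypted_name(path):
        raise ValueError("not an encrypted name: %s" % path)
    return path[:-len(ENCRYPTED_SUFFIX)]


def triage(paths):
    """Summarise a listing of relative paths: which files are encrypted,
    what they were called before, and how many per directory."""
    encrypted = sorted(p for p in paths if is_encrypted_name(p))
    per_dir = Counter(os.path.dirname(p) for p in encrypted)
    return {
        "encrypted": encrypted,
        "originals": [original_name(p) for p in encrypted],
        "per_directory": dict(per_dir),
        "total": len(encrypted),
    }


def walk(root):
    """Yield every file under root as a forward-slash relative path.
    Only reads directory entries; file contents are never opened."""
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            yield rel.replace(os.sep, "/")


def demo():
    """Build the constructed sample tree in a temporary directory, scan it,
    and return the triage report (the tree is discarded afterwards)."""
    with tempfile.TemporaryDirectory() as root:
        for rel in SAMPLE_PATHS:
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(b"placeholder")
        return triage(walk(root))


if __name__ == "__main__":
    report = demo()
    print("encrypted files:", report["total"])
    for directory, count in sorted(report["per_directory"].items()):
        print("  %-28s %d" % (directory, count))
    for before in report["originals"]:
        print("  restore from backup:", before)
```

Run it against a real web root by replacing `demo()` with `triage(walk("/var/www"))`; the per-directory counts show how far the encryption spread, and the `originals` list is the restore manifest for the backup, which, as the article notes below, is the only reliable recovery path.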

After logging on to the ransomware website, victims see the ransom amount, the bitcoin payment address, and the info@botontok.uk email address for contacting the developers. The inclusion of contact information on one of the displayed message screens suggests that the developers are willing to negotiate the price, according to 2-Spyware.com. The virus developers urge victims to pay the ransom within three days via the form on the website to avoid permanent deletion of their files.


A cryptovirus like B0r0nt0K can disable security tools or other functions so that it keeps running without interruption, and it can modify more critical parts of the system if left untreated. The ransom is high and suggests a potential ulterior motive, according to Mounir Hahad, head of Juniper Threat Labs at Juniper Networks. It is not known how the ransomware was executed on the victim's Web server. While it is not clear how B0r0nt0K infected the Linux servers in question, such infections typically trace back to server misconfigurations or to running out-of-date software with known remote code execution vulnerabilities.

A continued threat lingers with cryptoware even if you succeed in decrypting your files. An attacker can easily have added a backdoor to the server for remote access at a later time, so restoring from a backup is really the only solution. Do not assume that paying the ransom will let you decrypt your data; there is no guarantee that the ransomware author will uphold their end of the bargain. So far, the B0r0nt0K ransomware stands out only for the ransom amount it asks for.