B0r0nt0k Ransomware

The B0r0nt0k Ransomware is an encryption ransomware Trojan that first appeared on February 25, 2019. The B0r0nt0k Ransomware was noticed for the first time after it encrypted the victims' files and changed their names, adding the file extension '.rontok' to each compromised file. The B0r0nt0k Ransomware carries out a typical encryption ransomware attack, targeting Linux servers, in particular, in the most extensive campaign associated with this threat. The B0r0nt0k Ransomware, like most malware of this type, is designed to take the victim's files hostage, making them inaccessible and then demanding a ransom payment in exchange for the decryption key needed to restore the affected data.

Symptoms of a B0r0nt0k Ransomware Attack

The B0r0nt0k Ransomware will typically be delivered to the victims' computers by taking advantage of lax security measures such as poor passwords or through social engineering weaknesses. Once the B0r0nt0k Ransomware has managed to infiltrate the infected computer, the B0r0nt0k Ransomware will use a strong encryption algorithm so that the victim's files become inaccessible, by blocking the victim's access to the compromised data. The B0r0nt0k Ransomware will target a wide variety of file types in its attack. The files that will typically become unusable after being infected with the B0r0nt0k Ransomware Trojan include:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The B0r0nt0k Ransomware attack will rename the files that become compromised by this threat, using the base 64 and their names will be replaced with the file extension '.rontok.'. Once the victim's data has been compromised, the B0r0nt0k Ransomware delivers a ransom note as a text file named 'Read_Me.txt', which demands that the victim connects to a payment URL and pays a large ransom of 20 Bitcoin (approximately 75,000 USD at the current exchange rate) and asks that the victims contact the criminals via the email address ‘info@borontok.uk,' which is not sponsored by security experts.

Protecting Your Data from Threats Like the B0r0nt0k Ransomware

The best protection against threats like the B0r0nt0k Ransomware is to have backup copies of all of your data. Security researchers advise computer users to have these backups stored on independent devices. Apart from file backups, it is important to use a malware removal program that is fully up-to-date to intercept attacks such as the B0r0nt0k Ransomware to prevent them from infecting a computer and take steps to stop any potential vulnerabilities that could facilitate a B0r0nt0k Ransomware infection.