B0r0nt0K Ransomware Threatens Linux Servers

A new cryptovirus called "B0r0nt0K" has been putting Linux and possibly Windows Web servers at risk of encrypting all of the infected domain's files.

The new ransomware threat and the ransom of 20 bitcoins (about US$75,000) first came to light last week, based on a post on Bleeping Computer's user forum.

A client's website had all its files encrypted and renamed with the .rontok extension appended to them, the forum user indicated. The website was running on Ubuntu 16.04.

The B0r0nt0K ransom note is not displayed in a text format or in the message itself, based on the report. Instead, the screen display on the infected system links to the ransomware developer's website, which delivers details of the encryption and the payment demand. The display includes a personal ID required for logging onto the site.

"The initial compromise vector in this incident is not yet known nor has a sample of the malware been obtained by researchers," said Kent Blackwell, threat and vulnerability assessment manager at Schellman & Company.

"Without a sample of the malware or other indicator of compromise, it is likely that most antivirus products -- particularly those that rely on static signatures -- will fail to prevent this infection," he told LinuxInsider.

Payment Risky Business

After completing the logon to the ransomware developer's website, a payment page appears that includes the bitcoin ransom amount, the bitcoin payment address, and the info@botontok.uk email to contact the developers.

The inclusion of contact information on one of the displayed message screens suggests that the developers are willing to negotiate the price, according to 2-Spyware.com. The word "Negotiate?" precedes the email address to reach the ransomware developers.

The ransom note is generated on the screen of a Web browser window. The virus developers encourage infection victims to pay the ransom in three days via the form on their provided website to avoid the permanent deletion of their files.

However, the alleged decryption key might never be delivered to victims who pay the huge ransom amount, 2-Spyware.com warns on its website. The company recommends not paying the ransom, since paying gives no guarantee.

Hidden Damage

A cryptovirus like B0r0nt0K can disable security tools or other functions to keep running without interruption, warns 2-Spyware.com. The B0r0nt0K ransomware can alter more crucial parts of the computer if left untreated.

The asking price for this ransom is quite high and suggests a potential ulterior motive, according to Mounir Hahad, head of the Juniper Threat Labs at Juniper Networks.

"Maybe the perpetrator is just testing his approach on a less prominent website before moving on to wealthier targets," he told LinuxInsider.

It is not yet known how the ransomware was executed on the victim's Web server, said Blackwell.

"Ransomware needs a way in," said Josh Tomkiel, threat and vulnerability assessment manager at Schellman & Company.

"While it may not be currently clear how the B0r0nt0K ransomware was able to establish a foothold on the affected Linux servers in question, typically it comes back to server misconfigurations or from running out-of-date versions of software with known remote code execution vulnerabilities," he told LinuxInsider.

Keep Your Guard Up

A persistent threat lurks with cryptoware, even if you succeed in decrypting your files, Tomkiel warned. Never assume that you are "out of the woods yet."

A ransomware author easily can add a backdoor into that server for remote access at a later time, so restoring from a backup is really the only solution, he noted.

"Do not assume paying the ransom will allow you to decrypt your data. There is no guarantee that the ransomware author is going to uphold their end of the bargain," said Tomkiel.

All that appears certain about the B0r0nt0K ransomware is that it is not a novel attack.

So far, the B0r0nt0K ransomware stands out only for the ransom amount it seeks, Blackwell said.

"There is nothing particularly novel about this specific attack, although it looks not to have been triggered by clicking on an email," Mukul Kumar, CISO and VP of cyber practice at Cavirin, told LinuxInsider.

No Backups? Big Trouble

Ransomware attacks like B0r0nt0K prey on organizations that lack preparation. You may be in trouble if you don't have a recent backup and have fallen victim to B0r0nt0K ransomware, warned Marc Laliberte, senior threat analyst at WatchGuard Technologies.

"We don't have a copy of the payload to analyze at this time because B0r0nt0K is so new, but we do know the ransomware uses strong encryption -- likely an AES variant, which is the standard for ransomware these days," he told LinuxInsider.

This means you should not bank on being able to decrypt your files without paying, Laliberte noted -- but paying the ransom does not always guarantee you will get your files back.

"The only thing guaranteed by paying is that these threat actors now have more funding and incentive to launch further attacks. This is why having a backup and restoration process is critical for every organization," he said.

Restoring backups after a ransomware attack is still a time-consuming process, though, which means you also should take steps to prevent the infection in the first place. Applying the latest security patches to your applications and servers is potentially the single most important step you can take to shore up your defenses, but it is not enough, Laliberte cautioned.

"Combating ransomware requires a multilayer defensive approach, including intrusion prevention services to block application exploits, and advanced malware-detection tools that use machine learning and behavioral detection to identify evasive payloads," he said.

Employee training is critical too, as most traditional ransomware attacks start with a phishing email. Phishing awareness, paired with technical defensive tools, can go a long way toward keeping your organization safe from ransomware like B0r0nt0K, according to Laliberte.

What Else to Do

The most active way to prevent B0r0nt0K from entering your Linux server is to close the SSH (secure shell) and the FTP (file transfer protocol) ports, said Victor Congionti, CEO of Proven Data.

"These are two of the main approaches ... these hackers seem to be targeting to run the encryption scripts. The ransomware seems to use a base64 algorithm which converts characters to bits, which creates an extremely difficult decryption process to regain control," he told LinuxInsider.

It is also possible that these attacks are being sent in through basic CMS (content management system) vulnerabilities. If users on Linux are utilizing a CMS to manage the content on their website, it is possible that this serves as a vulnerability in the security framework of the system, Congionti noted.

It is becoming more common for cybercriminals to find exposures in these seemingly secure applications, which allows them to make drastic changes to the security and permission settings of the network, he pointed out.

Most websites are deployed using a source version control system that can redeploy a clean version of the website in no time, noted Juniper's Hahad.

"The only potentially permanent damage is to any content management system database if such a thing is used and is not backed up," he said.

Don't Pay - Do This Instead

Victims definitely should not pay the ransom. Instead, Hahad suggests the following:

• Restore the site from source control or backups
• Change all admin passwords
• Audit the software stack for known vulnerabilities that could have allowed the attacker in, and patch as appropriate
• Audit the site's configuration for any weak spots
• Disable services that are not critical, and close those open ports
• Ensure backups are operational
• Conduct a penetration test of the Internet-facing network footprint

One final suggestion is to assume a breach, said Darin Pendergraft, vice president at Stealthbits Technologies.

"The best way to be prepared is to assume you will be breached, and then take steps to secure your servers and workstations accordingly," he told LinuxInsider. "Assume an attacker is in your network and has control of a workstation. Then decide what data or IT resources they will want to steal or encrypt. Then take the extra steps to secure those resources."

Top priority is to find your sensitive data, Pendergraft said. These include patient data, customer information and financial records. Make sure they are secured and accessible only by approved employees. Monitor those resources for unusual file behavior like bulk copy, delete or file encryption. Ensure you have an emergency plan in place to react within minutes.
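The file-behavior monitoring described above can be approximated by diffing periodic snapshots of a web root. The following is an added example, not code from the article or from anyone quoted in it: it flags bulk deletion, files renamed with the reported .rontok suffix, and content that has turned near-random. The thresholds, function names and state-file approach are assumptions for illustration.

```python
import json
import math
import os
from collections import Counter

SUSPECT_SUFFIXES = (".rontok",)  # extension the article reports being appended
ENTROPY_THRESHOLD = 7.5          # bits per byte; assumed cut-off for "near-random"
BULK_FRACTION = 0.30             # assumed: alert when 30% of known files are hit
SAMPLE_BYTES = 4096              # only the head of each file is sampled


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted or compressed content."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def snapshot(root: str) -> dict:
    """Map each file's path (relative to root) to the entropy of its head."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                with open(full, "rb") as fh:
                    head = fh.read(SAMPLE_BYTES)
            except OSError:
                continue  # unreadable or removed mid-walk
            snap[os.path.relpath(full, root)] = shannon_entropy(head)
    return snap


def diff_snapshots(before: dict, after: dict) -> dict:
    """Classify what changed between two snapshots and decide whether to alert."""
    missing = [p for p in before if p not in after]
    # Original name gone while "name + suspect suffix" now exists.
    renamed = sorted(p for p in missing
                     if any(p + s in after for s in SUSPECT_SUFFIXES))
    deleted = sorted(p for p in missing if p not in renamed)
    # Files that were absent or low-entropy before and are near-random now.
    # Files that were already high-entropy (images, archives) are not flagged.
    # Very short files cannot reach the threshold; the rename check covers them.
    newly_random = sorted(
        p for p, e in after.items()
        if e >= ENTROPY_THRESHOLD and before.get(p, 0.0) < ENTROPY_THRESHOLD)
    hit = set(missing) | {p for p in newly_random if p in before}
    fraction = len(hit) / len(before) if before else 0.0
    return {"renamed": renamed, "deleted": deleted,
            "newly_random": newly_random, "fraction": fraction,
            "alert": bool(renamed) or fraction >= BULK_FRACTION}


def check(root: str, state_file: str) -> dict:
    """Diff root against the saved baseline; keep state_file outside root."""
    current = snapshot(root)
    try:
        with open(state_file) as fh:
            previous = json.load(fh)
    except FileNotFoundError:
        previous = current  # first run: establish the baseline
    result = diff_snapshots(previous, current)
    if not result["alert"]:
        # Never overwrite a clean baseline with a suspicious snapshot.
        with open(state_file, "w") as fh:
            json.dump(current, fh)
    return result


if __name__ == "__main__":
    import sys
    report = check(sys.argv[1], sys.argv[2])
    print(json.dumps(report, indent=2))
    sys.exit(1 if report["alert"] else 0)
```

Run from cron or a systemd timer, the non-zero exit status on alert can feed whatever paging the emergency plan uses.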

"These steps won't prevent an attack," he acknowledged, "but they could mean the difference between a security incident and a full-blown breach."

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open source technologies. He has written numerous reviews of Linux distros and other open source software.
