
Rewterz Threat Alert – B0r0nt0K Ransomware Infects Linux Servers via Unknown Attack Vector

February 25, 2019

Severity

Medium

Analysis Summary

A ransomware called B0r0nt0K has surfaced that encrypts victims' web sites and demands a 20 bitcoin ransom, approximately $75,000. The ransomware is known to infect Linux servers, but it may also be able to encrypt files on Windows systems.

The encrypted website under analysis was running on Ubuntu 16.04. No sample of the ransomware was found on the target site after it was encrypted; however, the following ransom note was found.

Furthermore, the ransom amount, the threat actors' contact email address and the bitcoin address can be seen in the snapshot below.

The email address is associated with the malicious URL listed below, whose source code contains the term “Vietnamese Hacker”, hinting at the potential origin of this ransomware campaign.

Impact

File Encryption

Affected Products

Linux Servers

Windows Servers

Indicators of Compromise

URLs

hxxps[:]//borontok[.]uk

Extension

.rontok

Email Address

info@borontok.uk
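As an added example (not Rewterz tooling), a small Python triage helper that refangs the indicators above, flags files carrying the .rontok extension in a web-root listing, and finds log lines referencing the domain or email address; the file listing and log lines are constructed samples, the indicators come from this advisory.

```python
"""Triage helper for the B0r0nt0K indicators listed in the advisory.

Added example, not Rewterz tooling. The file listing and log lines below
are constructed samples; only the indicators are taken from the advisory.
"""
import re
from pathlib import PurePosixPath

# Indicators as published (defanged) in the advisory.
DEFANGED_URL = "hxxps[:]//borontok[.]uk"
RONTOK_EXT = ".rontok"
IOC_DOMAIN = "borontok.uk"


def refang(indicator: str) -> str:
    """Turn defanged notation (hxxp, [:], [.]) back into a searchable string."""
    return (indicator.replace("hxxps", "https").replace("hxxp", "http")
            .replace("[:]", ":").replace("[.]", "."))


def find_encrypted_files(paths):
    """Return paths whose final suffix is .rontok (case-insensitive)."""
    return [p for p in paths if PurePosixPath(p).suffix.lower() == RONTOK_EXT]


def encryption_ratio(paths):
    """Fraction of listed files carrying the ransomware extension; a quick
    figure for how far encryption progressed on a web root."""
    if not paths:
        return 0.0
    return len(find_encrypted_files(paths)) / len(paths)


# Matches the domain in URLs, DNS queries and the info@ mail address alike.
IOC_PATTERN = re.compile(re.escape(IOC_DOMAIN), re.IGNORECASE)


def match_ioc_lines(log_lines):
    """Return (line_no, line) for log lines mentioning the IoC domain/email."""
    return [(n, line) for n, line in enumerate(log_lines, 1) if IOC_PATTERN.search(line)]


# Constructed sample data (not from the advisory).
SAMPLE_LISTING = [
    "/var/www/html/index.php.rontok",
    "/var/www/html/wp-config.php.rontok",
    "/var/www/html/readme.txt",
    "/var/www/html/uploads/logo.png.RONTOK",
]
SAMPLE_LOGS = [
    '10.0.0.5 - - [25/Feb/2019:10:02:11 +0000] "GET /index.php HTTP/1.1" 200 512',
    "Feb 25 10:05:43 web01 named[1234]: client 10.0.0.5 query: borontok.uk IN A",
    "Feb 25 10:07:01 web01 postfix/smtp: to=<info@borontok.uk>, status=sent",
]
```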

Remediation

Since the initial attack vector of this campaign is still unknown, caution should be exercised when clicking on links, opening emails, and downloading any kind of software, documents or applications from the internet.

Given the frequency of malspam campaigns, downloading email attachments should be especially avoided.

Moreover, all vulnerabilities should be patched in a timely manner and security updates should be installed regularly.
