A new ransomware called B0r0nt0K is encrypting victims' web sites and demanding a ransom of 20 bitcoin, or approximately $75,000. This ransomware is known to infect Linux servers, but may also be able to encrypt the files of users running Windows.
In a BleepingComputer forum post, a user stated that a client's web site was encrypted with the new B0r0nt0K Ransomware. The site was running on Ubuntu 16.04, and all of its files had been encrypted and renamed, with the .rontok extension appended to them.
As a sample of the ransomware has not been found, there is not much information other than what we have learned from the submitted files and by examining the payment site.
According to Michael Gillespie, when B0r0nt0K encrypts a file it base64-encodes the encrypted data, as shown below.
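For responders scoping an affected web root, the two indicators described above (the .rontok extension and a base64-encoded body) can be checked together. The following triage sketch is an added example, not code from the article or from any tool it mentions; the function names, the `uploads` directory and the sample files are constructed for illustration, and it assumes the whole file body is base64 text.

```python
import base64
import binascii
import os
import tempfile

EXTENSION = ".rontok"  # extension the article reports on encrypted files

def looks_base64(data: bytes, truncated: bool = False) -> bool:
    """True if data is non-empty, strictly valid base64 (whitespace ignored)."""
    compact = b"".join(data.split())
    if truncated:  # a partial read may end mid-quantum; drop the ragged tail
        compact = compact[: len(compact) // 4 * 4]
    if not compact:
        return False
    try:
        base64.b64decode(compact, validate=True)
        return True
    except (binascii.Error, ValueError):
        return False

def triage(root: str, sample_bytes: int = 65536) -> list:
    """Return sorted (relative_path, is_base64) for every *.rontok file under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(EXTENSION):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(sample_bytes)      # sample only the start of large files
                truncated = bool(fh.read(1))      # more data follows the sample
            findings.append((os.path.relpath(path, root), looks_base64(head, truncated)))
    return sorted(findings)

def make_sample_tree(root: str) -> None:
    """Constructed sample data: one base64-bodied file, one raw one, one untouched."""
    os.makedirs(os.path.join(root, "uploads"))
    samples = {"a.rontok": base64.b64encode(os.urandom(300)),
               "uploads/b.rontok": b"\x00\xffraw bytes, not base64",
               "index.php": b"<?php echo 'ok';"}
    for rel, body in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_tree(tmp)
        for rel, is_b64 in triage(tmp):
            print(f"{rel}\tbase64_body={is_b64}")
```

A `.rontok` file whose body is not base64 is worth a closer look, since it does not match the behaviour reported for this ransomware.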