B0r0nt0k – What is it and how can you avoid it?
B0r0nt0k is the latest piece of ransomware that is specifically targeting Windows- and Linux-based servers. Whilst the first generation of ransomware primarily targeted end users, many cybercriminals have moved on to targeting servers owned by medium-sized and large enterprises in the belief that the victim is more likely to pay up, as the costs of losing their data will simply be too high.
What does it do?
B0r0nt0k encrypts all of the files that it can find on a server and demands a ransom of up to $75,000 to provide the decryption key. It is almost impossible to reverse this type of encryption without the decryption key, and certainly not in the timely manner that most clients would expect.
How can I be protected?
While your first line of defense should always involve installing security updates, using strong passwords and taking other sensible measures to ensure that your systems are as well protected as possible, it’s almost impossible to fully immunize yourself from the threat of this type of ransomware. Therefore, it’s also important to have a backup available, just in case the worst happens. To comply with generally accepted best practice, you should store at least one of your backups remotely, so that an incident like a robbery or a fire in your data center doesn’t destroy every copy of your data that’s available.
A reliable backup means that if the worst were to happen and your servers were infected with B0r0nt0k or a similar piece of ransomware, you could be back up and running using your most recent regularly scheduled backup within a matter of hours, without even having to consider the ransom demand being made by the malware’s developers. Going without an offsite backup means that you are taking a big risk with your data.