Ransomware Buran

Buran ransomware is yet another group that has applied the RaaS (Ransomware as a Service) tactic, which is nothing more than outsourcing attacks. The groups that apply this tactic present their malware in forums on the Dark Web in search of buyers willing to carry out attacks.

RaaS expands the scope of ransomware, increasing the number of attacks exponentially. Even though the scope expands, the group avoids attacking certain countries such as Russia, Belarus, and the Ukraine.

Buran is designed to check what the language of the operating system is, if it is from one of these countries, the encryption is not done, but if the encryption has already been started, the group releases the decryption key for free.

The Buran Ransomware is distributed using the Rig Exploit Kit, it breaks into devices through spam e-mails, cracked program download sites. In some cases they send emails with attachments named as important files such as receipts, invoices, and accounts payable.

Buran has the encryption algorithm unknown, however they probably use RSA and AES, which are the most commonly used types in all ransomware.

After encrypting all files on the attacked computer or device, they create a text file (“!!! YOUR FILES ARE ENCRYPTED !!!. TXT”), and place it on the desktop. And they block administrator access, preventing them from changing, saving or editing the files.

In the ransom note the group informs you that the files have been encrypted and that their decryption is only possible with a key that is held by the group on a remote server. This key will only be released when the victim pays the ransom.

It is worth remembering that there is no guarantee that the group will release the decryption key after the ransom is paid, so it is recommended that the victim should look for other solutions, such as backups, in case he/she has not been encrypted, and companies specialized in recovering files encrypted by ransomware, such as Digital Recovery.

Buran Ransomware

Recover Files Encrypted by Buran Ransomware

Digital Recovery works on highly complex cases of ransomware attacks. We have developed unique technologies that enable us to recover files encrypted by any ransomware extension, on any storage device.

We can recover data remotely, in cases where sending the affected media is not possible. This recovery is done in a fully secure virtual environment, and may speed up the recovery process.

We know that confidentiality in these cases is essential, which is why we provide all of our customers with a confidentiality agreement (NDA); all files are kept confidential.

Start the recovery process right now, talk to a specialist.

Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.