Buran ransomware is yet another group that has applied RaaS (Ransomware as a Service) tactics, which is nothing more than outsourcing attacks. The groups that apply this tactic present their malware in forums on the Dark Web in search of buyers willing to make attacks.
RaaS expands the scope of ransomware, increasing the number of attacks exponentially. Even as the scope expands, the group avoids attacking certain countries such as Russia, Belarus, and Ukraine.
Buran is designed to check what language the operating system is in, if it is from one of these countries, the encryption is not done, but if the encryption has already been started, the group releases the decryption key for free.
Buran Ransomware is distributed using the Rig Exploit Kit, it invades devices through spam emails, cracked program download sites. In some cases, they send emails with attachments named as important files such as receipts, invoices and accounts payable.
Buran has the encryption algorithm unknown, however they probably use RSA and AES, which are the most commonly used types in all ransomware.
After encrypting all files on the attacked computer or device, they create a text file (“!!! YOUR FILES ARE ENCRYPTED !!!. TXT”), and place it on the desktop. And they block administrator access, preventing them from altering, saving or editing the files.
In the ransom note the group informs that the files have been encrypted and that their decryption is only possible with a key that is kept by the group on a remote server. This key will only be released when the victim pays the ransom.
It is worth remembering that there is no guarantee that the group will release the decryption key after the ransom is paid, so it is recommended that the victim look for other solutions, such as backups, in case he/she has not been encrypted, and companies specialized in recovering files encrypted by ransomware, such as Digital Recovery.
Digital Recovery works on highly complex cases of ransomware attacks. We have developed exclusive technologies that enable us to recover files encrypted by any ransomware extension, on any storage device.
Our solutions have been developed by our experts and, all of them are compliant with the General Data Protection Regulation (GDPR), the whole process is done with complete security.
We can recover data remotely, in cases where sending the affected media is not possible. This recovery is done in a totally secure virtual environment, and may speed up the recovery process.
We know that confidentiality in these cases is essential, so we provide all our customers with a confidentiality agreement (NDA), all files are kept confidential.
Start the recovery process right now, talk to a specialist.