What is Buran Ransomware

Buran Ransomware is harmful crypto-virus, that uses AES encryption algorithm to encode your files and demands ransom in BTC (Bitcoins) afterwards. Technically, it is successor of VegaLocker (Vega Ransomware) and Jamper (Jumper) Ransomware. Buran Ransomware adds complex extension to affected files and uses special template: randomly generated 8-4-4-4-12 letters alphanumerical sequence. For example: .1C81A230-7B5F-4AE4-6F71-EB3958F83XXX, .62E93854-821C-3F0E-7556-D0F4F2E6E1C2. Files become inaccessible and unreadable. After successful encryption virus creates ransom note file: !!! YOUR FILES ARE ENCRYPTED !!!.TXT. Below you can get acquainted with the content of such notes and observe the picture of it.

Buran (version 1)Buran (version 2)Buran (version 3)

Hello. Your files are encrypted. Do not worry, we can help you. You can contact us by email.
recovery_server@protonmail.com
recovery1server@cock.li
Send us 3-5 any encrypted files no larger than 10 MB. And also send us your personal ID:
62E93854-821C-3F0E-7556-D0F4F2E6E1C2
>>> Attention !!!
Send a message to both mailboxes, since the letter cannot get into one of the mailboxes.


!!! YOUR FILES ARE ENCRYPTED !!!
All your files, documents, photos, databases and other important
files are encrypted.
You are not able to decrypt it by yourself! The only method
of recovering files is to purchase an unique private key.
Only we can give you this key and only we can recover your files.
To be sure we have the decryptor and it works you can send an
email jacksteam2018@protonmail.com and decrypt one file for free. But this
file should be of not valuable!
Do you really want to restore your files?
Write to email jacksteam2018@protonmail.com OR notesteam2018@tutanota.com
Your personal ID: 1C81A230-7B5F-4AE4-6F71-EB3958F83XXX
Attention!
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software,
it may cause permanent data loss.
* Decryption of your files with the help of third parties may
cause increased price (they add their fee to our) or you can
become a victim of a scam.


!!! YOUR FILES ARE ENCRYPTED !!!
All your files, documents, photos, databases and other important
files are encrypted.
You are not able to decrypt it by yourself! The only method
of recovering files is to purchase an unique private key.
Only we can give you this key and only we can recover your files.
To be sure we have the decryptor and it works you can send an
email polssh1@protonmail.com and decrypt one file for free. But this
file should be of not valuable!
Do you really want to restore your files?
Write to email polssh1@protonmail.com, polssh@protonmail.com
Your personal ID: -
Attention!
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software,
it may cause permanent data loss.
* Decryption of your files with the help of third parties may
cause increased price (they add their fee to our) or you can
become a victim of a scam.

Malware uses the file marker BURAN, added to the top of the file code. Buran Ransomware encrypts all files except whitelisted. It will most likely be MS Office documents, OpenOffice, PDF, text files, databases, photos, music, video, image files, archives, etc. Here is the white list of file extensions, that are not touched by the virus:

.buran, .cmd, .com, .cpl, .dll, .exe, .log, .msp, .msc, .pif, .scr, .sys

There are also certain files and folders protected from encryption because the purpose of malefactors is not to ruin the PC, but extort money in return for decryption. However, we do not recommend you to pay the ransom, because, usually, hackers don’t send any decryptors. Tips and tricks featured on this page will help you to recover at least some of the files encrypted by Buran Ransomware. Use instructions in the article below to remove Buran Ransomware and decrypt your files in Windows 10, 8/8.1, Windows 7.

  1. Download Buran Ransomware Removal Tool
  2. Get decryption tool for encrypted files
  3. Recover encrypted files with Stellar Phoenix Data Recovery Pro
  4. Restore encrypted files with Windows Previous Versions
  5. Restore files with Shadow Explorer
  6. How to protect from threats like Buran Ransomware

buran ransomware

How Buran Ransomware infected your PC

Buran Ransomware may already be on sites that distribute hacked programs. One of these sites is crackzsoft.com, one visit to the pages of which for an unprotected computer can have disastrous consequences (XXS attacks using JS, Flash Player and something else). According to BleepingComputer, on these sites, there is a set of RIG exploits on hand. Distributed as ransomware for sale in underground forums. The virus can be also distributed by hacking through an unprotected RDP configuration, using email spam and malicious attachments, deceptive downloads, botnets, exploits, web injections, fake updates, repackaged and infected installers. Virus assigns certain ID with the victims, that is used to name those files and supposedly to send decryption key. In order to prevent infection with this type of threats in future we recommend you to use Norton Antivirus, SpyHunter 5, BitDefender or any reputable antivirus program.

Download Removal Tool

Download Removal Tool

To remove Buran Ransomware completely, we recommend you to use SpyHunter 5. It detects and removes all files, folders, and registry keys of Buran Ransomware. The trial version of Spyhunter 5 offers virus scan and 1-time removal for FREE.

Alternative Removal Tool

Download Norton Antivirus

To remove Buran Ransomware completely, we recommend you to use Norton Antivirus from Symantec. It detects and removes all files, folders, and registry keys of Buran Ransomware and prevents future infections by similar viruses.

How to remove Buran Ransomware manually

It is not recommended to remove Buran Ransomware manually, for safer solution use Removal Tools instead.

Buran Ransomware files:


!!! YOUR FILES ARE ENCRYPTED !!!.TXT
2.exe
2.1.exe
ctfmon.exe
1068A408.buran
68552A69.buran
{random}.exe

Buran Ransomware registry keys:


HKEY_CURRENT_USER\Software\Buran
HKEY_CURRENT_USER\Software\Buran\Service

How to decrypt and restore your files

Use automated decryptors

kaspersky ransomware decryptor

Use following tool from Kaspersky called Rakhni Decryptor, that can decrypt your files. Download it here:

Download RakhniDecryptor

There is no purpose to pay the ransom because there is no guarantee you will receive the key, but you will put your bank credentials at risk.

If you are infected with Buran Ransomware and removed it from your computer you can try to decrypt your files. Antivirus vendors and individuals create free decryptors for some crypto-lockers. To attempt to decrypt them manually you can do the following:

Use Stellar Phoenix Data Recovery Pro to restore your files

  1. Download Stellar Phoenix Data Recovery Pro.
  2. Select location to scan for lost files and click Scan button.
  3. Wait until Quick and Deep scans finish.
  4. Preview found files and restore them.

Using Windows Previous Versions option:

  1. Right-click on infected file and choose Properties.
  2. Select Previous Versions tab.
  3. Choose particular version of the file and click Copy.
  4. To restore the selected file and replace the existing one, click on the Restore button.
  5. In case there is no items in the list choose alternative method.

Using Shadow Explorer:

  1. Download Shadow Explorer program.
  2. Run it and you will see screen listing of all the drives and the dates that shadow copy was created.
  3. Select the drive and date that you want to restore from.
  4. Right-click on a folder name and select Export.
  5. In case there are no other dates in the list, choose alternative method.

If you are using Dropbox:

  1. Login to the DropBox website and go to the folder that contains encrypted files.
  2. Right-click on the encrypted file and select Previous Versions.
  3. Select the version of the file you wish to restore and click on the Restore button.

How to protect computer from viruses, like Buran Ransomware, in future

1. Get special anti-ransomware software

Use ZoneAlarm Anti-Ransomware

Famous antivirus vendor BitDefender released free tool, that will help you with active anti-ransomware protection, as an additional shield to your current protection. It will not conflict with bigger security applications. If you are searching complete internet security solution consider upgrading to full version of BitDefender Internet Security 2018.

Download ZoneAlarm Anti-Ransomware

2. Back up your files

onedrive backup

Regardless of success of protection against ransomware threats, you can save your files using simple online backup. Cloud services are quite fast and cheap nowadays. There is more sense using online backup, than creating physical drives, that can get infected and encrypted when connected to PC or get damaged from dropping or hitting. Windows 10 and 8/8.1 users can find pre-installed OneDrive backup solution from Microsoft. It is actually one of the best backup services on the market, and has reasonable pricing plans. Users of earlier versions can get acquainted with it here. Make sure to backup and sync most important files and folders in OneDrive.

3. Do not open spam e-mails and protect your mailbox

mailwasher pro

Malicious attachments to spam or phishing e-mails is most popular method of ransomware distribution. Using spam filters and creating anti-spam rules is good practice. One of the world leaders in anti-spam protection is MailWasher Pro. It works with various desktop applications, and provides very high level of anti-spam protection.

Download MailWasher Pro
Previous articleHow to remove Mapsnow.co (Windows and Mac)
Next articleHow to remove Jamper (Jumper) Ransomware and decrypt .jamper, .jumper or .SONIC files
James Kramer
Hello, I'm James. My website Bugsfighter.com, a culmination of a decade's journey in the realms of computer troubleshooting, software testing, and development. My mission here is to offer you comprehensive, yet user-friendly guides across a spectrum of topics in this niche. Should you encounter any challenges with the software or the methodologies I endorse, please know that I am readily accessible for assistance. For any inquiries or further communication, feel free to reach out through the 'Contacts' page. Your journey towards seamless computing starts here