Jump to content

STORM / BURAN / STORM - Encrypted files - Ransomware

Recommended Posts

Hello community,

we got hit pretty hard by an "unknown" ransomware.

ID-Ransomeware : BURAN / JAMPER.

Identified by

  • sample_bytes: [0x00 - 0x05] 0x53544F524D


We are searching for days for any solutions. (Here, Bleepingcomputer, Google in general,..)
Everywhere we get the same answer. The ransomware ist still under investigation.
(e.g. https://www.bleepingcomputer.com/forums/t/698566/jamper-buran-ransomware-your-files-are-encrypted-txt-support/)
Is there any chance of getting the files back?

Some more informations:


All your files, documents, photos, databases and other important
files are encrypted.

You are not able to decrypt it by yourself! The only method
of recovering files is to purchase an unique private key.
Only we can give you this key and only we can recover your files.

To be sure we have the decryptor and it works you can send an
email [email protected] OR [email protected] and decrypt one file for free. But this
file should be of not valuable!

Do you really want to restore your files?
Write to email [email protected] OR [email protected]

Your personal ID: 4D038CB6-45CB-303D-B3C5-710D3731F35B

 * Do not rename encrypted files.
 * Do not try to decrypt your data using third party software,
   it may cause permanent data loss.  
 * Decryption of your files with the help of third parties may
   cause increased price (they add their fee to our) or you can
   become a victim of a scam.


File extensions



Notepad++ Screenshot of encrypted file (picture)



Best regards,


Link to post
Share on other sites
18 hours ago, knxvll said:

Everywhere we get the same answer. The ransomware ist still under investigation.

I would believe it uses a form of RSA encryption, which requires knowledge of a private key in order to decrypt files (files are encrypted with a public key, which can be analyzed without revealing anything that could aid in decryption). The private key is usually kept safe on the servers operated by the criminals, and it's fairly common for ransomware to generate a new private key for each computer.

Link to post
Share on other sites

In addition, Buran was launched as a project that can be bought and remade in order to complicate the detection by antiviruses, transfer data to the server, and key the key in a secure way that cannot be obtained otherwise.

We have already seen several projects redone from the original Buran.

Service ID Ransomware identifies everything under one name, so only a specialist can find the differences.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...