knxvll 0 Report post Posted September 13 Hello community, we got hit pretty hard by an "unknown" ransomware. ID-Ransomeware : BURAN / JAMPER. Identified by sample_bytes: [0x00 - 0x05] 0x53544F524D We are searching for days for any solutions. (Here, Bleepingcomputer, Google in general,..) Everywhere we get the same answer. The ransomware ist still under investigation. (e.g. https://www.bleepingcomputer.com/forums/t/698566/jamper-buran-ransomware-your-files-are-encrypted-txt-support/) Is there any chance of getting the files back? Some more informations: !!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT All your files, documents, photos, databases and other important files are encrypted. You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. To be sure we have the decryptor and it works you can send an email [email protected] OR [email protected] and decrypt one file for free. But this file should be of not valuable! Do you really want to restore your files? Write to email [email protected] OR [email protected] Your personal ID: 4D038CB6-45CB-303D-B3C5-710D3731F35B Attention! * Do not rename encrypted files. * Do not try to decrypt your data using third party software, it may cause permanent data loss. * Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam. File extensions IMG_1574.JPG.[4D038CB6-45CB-303D-B3C5-710D3731F35B] Notepad++ Screenshot of encrypted file (picture) Download Image Best regards, knxvll Quote Share this post Link to post Share on other sites
Amigo-A 40 Report post Posted September 13 Buran Ransomware known since May 2019 year. There are no decryption methods without keys extortionists. Quote Share this post Link to post Share on other sites
GT500 590 Report post Posted September 14 18 hours ago, knxvll said: Everywhere we get the same answer. The ransomware ist still under investigation. I would believe it uses a form of RSA encryption, which requires knowledge of a private key in order to decrypt files (files are encrypted with a public key, which can be analyzed without revealing anything that could aid in decryption). The private key is usually kept safe on the servers operated by the criminals, and it's fairly common for ransomware to generate a new private key for each computer. Quote Share this post Link to post Share on other sites
Amigo-A 40 Report post Posted September 14 In addition, Buran was launched as a project that can be bought and remade in order to complicate the detection by antiviruses, transfer data to the server, and key the key in a secure way that cannot be obtained otherwise. We have already seen several projects redone from the original Buran. Service ID Ransomware identifies everything under one name, so only a specialist can find the differences. Quote Share this post Link to post Share on other sites
