Buran Ransomware in details

Buran ransomware is similar in some aspects to prominent representatives of the STOP ransomware family like .Heroset and .Pidon .

There are many different sorts of hazardous software that can threaten the security of your machine and computer files and if you’re not cautious with what you do while surfing the web, you can easily land your computer with one. Having said that, few of the hazards that you may stumble upon on the web can match the notorious Ransomware virus kind with regards to how nasty and dangerous they are. The primary feature of this form of virus is its ability to blackmail the targeted users into making a ransom payment to the hacker which is where its name comes from. The virus we’re going to be concentrating on within the following paragraphs is one that is notorious for locking the user’s computer data by implementing a highly-advanced encryption code and after that, requesting that a ransom payment is made in exchange for the key that could restore the encrypted files. The name of this specific Ransomware virus that we are referring to is Buran. In case you’re among the many unfortunate victims of this nasty cryptovirus, know that the following paragraphs contain some important information which may help you overcome your Ransomware-related problem.

First of all – be prepared to fight a unique form of malware mainly because Ransomware doesn’t seem to be similar to the other online risks – a fact that makes those viruses particularly tricky to fight or get rid of. Moreover, many of the common security programs might be useless against this type of virus. This is probably due to the fact that Ransomware never actually harms anything on the computer. That is why a computer virus of this sort won’t be viewed as a risk by most versions of PC protection although it is a genuine version of malware. To be completely precise, the process of encryption isn’t hazardous by itself – it might only block the access to the targeted data, yet it is not able to result in any harm (destruction, corruption, etc.) to the files.

After the encryption the Buran ransomware virus would drop a !!! YOUR FILES ARE ENCRYPTED !!!.TXT file with instructions how to pay the ransom. The email addresses used are polssh1@protonmail.com and polssh@protonmail.com.

Dangers of Buran Ransomware

Provided that you have the key for the encryption process, the applied encryption code isn’t malicious at all. The problem, however, is the simple fact that when you are attacked by a virus like Buran, the only person who will hold the key is the cyber criminal who is attempting to harass you. After the malware has completed the encryption procedure, it would then start to blackmail the unlucky user. The way the victim is informed about the money demand is through a message displayed on the PC’s screen which gives them directions which describe how the ransom money is supposed to be paid. Here, it is crucial that you understand that Ransomware hackers greatly rely on the fear and the frustration which they endeavor to infuse in their victims.

The more panicked and confused you are, the higher the likelihood that you would easily give in to the criminal’s ransom demands. However, this is exactly the opposite of what you should do in this kind of scenario. Remaining calm and looking into all potential alternative options is the recommended way to approach this type of issue. For instance, the guide for removing Buran at the end of this post is one possible method for taking care of the Ransomware problem without having to pay anything whatsoever.

SUMMARY:

[add_third_banner]

Remove Buran Ransomware Guide

1: Preparations

Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.

2: Task Manager

Press Ctrl + Shift + Esc to enter the Task Manager. Go to the Tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on you PC.

If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.

Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.

3: IP related to Buran

Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.

Find where it says Localhost and take a look below that. 

If you see any IP addresses there (below Localhost) send them to us here, in the comments since they might be coming from the Buran.

[add_forth_banner]

4: Disable Startup programs

Re-open the Start Menu and type msconfig.

Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10,  it will send you to the Startup part of the task manager instead, as in the picture:

If you see any sketchy/shady looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious as there could be a link between them and Buran , disable those programs and select OK.

5: Registry Editor

Press Windows key + R and in the resulting window type regedit.

Now, press Ctrl + F and type the name of the virus.

Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.

6: Deleting potentially malicious data – Buran

Type each of the following locations in the Windows search box and hit enter to open the locations:

%AppData%

%LocalAppData%

%ProgramData%

%WinDir%

%Temp%

Delete everything you see in Temp linked to Buran Ransomware. About the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.

7: Buran Decryption

The previous steps were all aimed at removing the Buran Ransomware from your PC. However, in order to regain access to your files, you will also need to decrypt them or restore them. For that, we have a separate article with detailed instructions on what you have to do in order to unlock your data. Here is a link to that guide.

The post Remove Buran Ransomware (Removal+File Recovery) appeared first on Malware Complaints.