Buran

Nemty ransomware analysis

We took a deep dive into the Nemty ransomware strain, a sophisticated new form of malware that's spreading via a fake PayPal website. Similar in some aspects to Buran and GandCrab ransomware strains, Nemty incorporates three distinct layers of encryption to lock down victim data. Learn how this threat to your system works and how Acronis can help you evade and overcome it.

Buran Ransomware uses RIG Exploit Kit

Buran is a new version of the Vega ransomware strain (a.k.a. Jamper, Ghost, Buhtrap) that attacked accountants from February through April 2019. The new Buran ransomware was first discovered in June 2019.

What’s interesting is that this cryptolocker’s code was written in Object Pascal in the Delphi IDE – a programming language that was popular in Latin American and former Soviet Union countries around two decades ago, when it was being taught in colleges and technical universities.

Let’s take a close look at this ransomware to examine its installation process, communication details, and encryption model.