Buran

Buran Ransomware uses RIG Exploit Kit

Buran is a new version of the Vega ransomware strain (a.k.a. Jamper, Ghost, Buhtrap) that attacked accountants from February through April 2019. The new Buran ransomware was first discovered in June 2019.

What’s interesting is that this cryptolocker’s code was written in the Delphi IDE in Object Pascal, a programming language that was popular in Latin American and former Soviet Union countries around two decades ago, when it was being taught in colleges and technical universities.

Let’s take a close look at this ransomware to examine its installation process, communication details, and encryption model.