2019-09-02-buran-ransomware-v-vk.notes.raw

SHA256: fd56d79a454150ba91f1e8ceb1d561a594fca21e0b40ba236769af16ea97865a
h/t @pmelson 

Buran Generation V

Whitelisted files:

boot.ini;bootfont.bin;bootsect.bak;desktop.ini;ctfmon.exe;iconcache.db;master.exe;master.dat;ntdetect.com;ntldr;ntuser.dat;ntuser.dat.log;ntuser.ini;thumbs.db;

Note:

!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT;

Whitelisted Folders:

:\$RECYCLE.BIN\;:\$Windows.~bt\;:\RECYCLER;:\System Volume Information\;:\Windows.old\;:\Windows\;:\intel\;:\nvidia\;:\inetpub\logs\;\All Users\;\AppData\;\Apple Computer\Safari\;\Application Data\;\Boot\;\Google\;\Google\Chrome\;\Mozilla Firefox\;\Mozilla\;\Opera Software\;\Opera\;\Tor Browser\;\Common Files\;\Internet Explorer\;\Windows Defender\;\Windows Mail\;\Windows Media Player\;\Windows Multimedia Platform\;\Windows NT\;\Windows Photo Viewer\;\Windows Portable Devices\;\WindowsPowerShell\;\Windows Photo Viewer\;\Windows Security\;\Embedded Lockdown Manager\;\Windows Journal\;\MSBuild\;\Reference Assemblies\;\Windows Sidebar\;\Windows Defender Advanced Threat Protection\;\Microsoft\;\Package Cache\;\Microsoft Help\;


Whitelisted extensios:

.bat
.cmd
.com
.cpl
.dll
.msc
.msp
.pif
.scr
.sys
.log
.exe
.lnk
.buran

Regisry Storage:

HKCU\Software\Buran V
                    -> Knock
              \Service
                    -> Machine ID
                    -> Public Key


Note:

Hello. Your files are encrypted. Do not worry, we can help you. You can contact us by email. 

established01@protonmail.com 
established@cock.li 


Send us 3-5 any encrypted files no larger than 10 MB. And also send us your personal ID: 

Your personal ID: ____


>>> Attention !!! 

Send a message to both mailboxes, since the letter cannot get into one of the mailboxes.