The RIG Exploit Kit is Now Pushing the Buran Ransomware

LASER_oneXM · Jun 6, 2019

The RIG exploit kit is now infecting victim's computers with a new ransomware variant called Buran. This ransomware is a variant of the Vega ransomware that was previously being distributed through Russian malvertising campaigns.
First spotted by exploit kit researcher nao_sec, a malvertising campaign is redirecting users to the RIG exploit kit, which then drops the Buran ransomware as a payload.

Andy Ful · Jun 6, 2019

The RIG Exploit Kit is Now Pushing the Buran Ransomware

The RIG exploit kit is now infecting victim's computers with a new ransomware variant called Buran. This ransomware is a variant of the Vega ransomware that was previously being distributed through Russian malvertising campaigns.

www.bleepingcomputer.com

After exploiting IE while browsing, it uses CMD and Windows Script Host scripting to download & install the ransomware.

upnorth · Jun 6, 2019

place computers running remote desktop behind VPNs so that they are only accessible to those who have VPN accounts on your network.

Andy Ful · Jun 6, 2019

upnorth said:
"place computers running remote desktop behind VPNs so that they are only accessible to those who have VPN accounts on your network. "

... or simply disable Remote Desktop (recommended for most home users).

blackice · Jun 6, 2019

Andy Ful said:
... or simply disable Remote Desktop (recommended for most home users).

Which is why the capability isn’t even in Win10 home (or rather at least not easy to enable), and I’m happy running that on my system.

Search

The RIG Exploit Kit is Now Pushing the Buran Ransomware

LASER_oneXM

Level 37

Andy Ful

From Hard_Configurator Tools

The RIG Exploit Kit is Now Pushing the Buran Ransomware

upnorth

Level 68

Andy Ful

From Hard_Configurator Tools

blackice

Level 39

Similar threads