Remove LanRan Ransomware Virus (+Restore Files)

How to Remove LanRan Ransomware?

Readers recently started to report the following message being displayed when they boot their computer:

    L_A_N_R_A_N R_A_N_S_O_M_W_A_R_E
    Attention! Your Files has been encrypted By L_A_N_R_A_N@R_A_N_S_O_M_W_A_R_E

    ##############################################################

    Attention! your personal files are encrypted With RSA-2048 algorithm.

    ##############################################################

    What is encryption?
    Encryption is a reversible modification of information for security
    reasons but providing full access to it for authorized users. To become an authorized user and keep
    the modification absolutely reversible (in other words to have a possibility to decrypt your files) you
    should have an individual private key. But not only it. It is required also to have the special decryption software
    in “LanRan Decryptor” software for safe and complete decryption of all your files and data.

    ##############################################################

    Attention! Attention! Attention! Your Files has been encrypted By L_A_N_R_A_N_R_A_N_S_O_M_W_A_R_E And your personal files are encrypted With
    RSA-2048 algorithm.
    Send 0.5 Bitcoin To @ —– @
    for decrypt your files Contact us By Email: lanran-decrypter@list.ru . If Send 0.5 Bitcoin We will send you the decryption key LanRan Decryptor . It’s Your
    Choice

    ———————————————————
    good luck


There’s a new player on the ransomware field, and it’s called LanRan. It’s a newly-discovered threat. But there’s nothing new about it. It follows the standard programming, and doesn’t really stand out. But don’t confuse ‘standard’ for ‘safe.’ It’s a dangerous threat. One you mustn’t ignore or underestimate. LanRan is an infection you must act against as soon as the opportunity presents itself. And, whatever it throws your way, don’t buy it! Don’t believe anything it promises you. It’s run by untrustworthy cyber criminals. People who only see you as a lottery ticket. They want nothing more from you apart from your money.

In a nutshell, LanRan is a cryptovirus. It found a sneaky way to invade your system. Then, once inside, it encrypted every single file you have. Documents, videos, music, pictures. Nothing escapes its reach. After the completion of the encryption process, it leaves a note. The note contains instructions on what it expects you to do. If you follow its demands, it claims you’ll regain your files. Supposedly, after receiving payment, it sends you a decryption key. Apply it, and your files are free. It all seems so simple. But it’s not.

There are countless ways the exchange can go wrong. Not to mention, if you’re foolish enough to buy its lies, you expose your privacy. Oh, yes. If you send the ransom money, you leave personal and financial details. Information which falls into the hands of the cyber extortionists. Alongside your money. So, you don’t only lose a certain amount of money, but also your private life is no longer private. Furthermore, you have zero guarantees that any of this leads to the release of your files. Yes, even if you give your full cooperation, you can still have nothing to show for it in the end.

Here’s what experts advise. Do not pay these people. Don’t even contact them. Do nothing. Say goodbye to your files, and create backups next time. Accept they’re lost to you, and move on. It’s harsh, but it’s the lesser evil. Anything else provides a worse alternative. Yes, it’s not the advice you were hoping to hear, but it’s the one you have to hear. Follow it.

How did I get infected?

Most infections need the same key ingredient to succeed in their sneaky invasion. Your carelessness. Most cyber threats need you to throw caution to the wind, and rely on luck. To not read the terms and conditions, but agree to everything. They need you to rush, and give in to gullibility. That way, when they turn to their invasive methods, it’s that much easier to invade. LanRan is no different. Why would you make it easier for an infection to infiltrate your system? Don’t be careless! Instead, be extra thorough. Vigilance is your friend. Always opt to do your due diligence when installing tools or updates. The most common methods include freeware and spam email attachments. The tool can also hide behind corrupted links or sites. Or pose as a fake system or program update. And, of course, in today’s day and age, social media also provides a way in. LanRan can rely on social media sites and networks for file-sharing. And slither in undetected. But only if you’re careless enough to allow it. So, don’t be. Be thorough. Attention goes a long way, and can save you a ton of issues.

Why is LanRan dangerous?

LanRan is believed to be a variant of the MyLittleRansomware infection. Once LanRan invades your PC, it doesn’t take long before it has control of your data. After it locks everything, it leaves you a ransom note. It’s written in English, and bears the name @___help___@. It’s rather simple. Pay us 0.5 Bitcoin if you wish to free your files. Or, don’t, and lose them. But it goes beyond that. It’s not as straightforward as the infection makes it out to be. As was already stated, if you transfer the requested sum, you expose your privacy. But, here’s the thing. Even if your files are so precious that you’re willing to take that risk, you still shouldn’t do it. As was stated, you have zero guarantees that compliance leads to unlocking your data. Think about it. You pay the ransom, and then what? You rely on extortionists to keep their word, and send you the promised decryption key. What if they don’t? What if they send the wrong one? And, even if it’s the right one, don’t rejoice yet. Applying the key only removes the encryption. Not the infection. It remains, ready to act up again, and put you back to square one. Don’t take such unnecessary risks. Protect your privacy. Discard your data. One is replaceable, while the other is not.

LanRan Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover LanRan Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open your Task Manager by pressing the CTRL+SHIFT+ESC keys simultaneously.
  • Locate the process of the ransomware. Keep in mind that it usually has a randomly generated file name.
  • Before you kill the process, type its name in a text document for later reference.

  • Locate any suspicious processes associated with LanRan encryption Virus.
  • Right click on the process
  • Open File Location
  • End Process
  • Delete the directories with the suspicious files.
  • Keep in mind that the process can be hidden and very difficult to detect.

STEP 2: Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

STEP 3: Locate LanRan encryption Virus startup location

  • Once the operating system loads press simultaneously the Windows Logo Button and the R key.

Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

  • and delete the display Name: [RANDOM]

  • Then open Explorer, navigate to your %appdata% folder and delete the executable.

Alternatively, you can use the Windows msconfig program to double-check the execution point of the virus. Keep in mind that the names on your machine might be different, as they may be generated randomly. That’s why you should run a professional scanner to identify malicious files.
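
Because the startup entry has a random name, it helps to list all three Run keys from STEP 3 side by side instead of browsing them one at a time. The script below is an added example, not part of the original guide. It only reads the registry and changes nothing. The helper name Get-RunEntry and the two heuristics (command located in a user-writable directory, Authenticode signature status) are assumptions made for illustration.

```powershell
# Added example: read-only audit of the three Run keys named in STEP 3.
# Assumption (not from the article): an entry deserves a closer look when its
# command line points into a user-writable directory or its file is unsigned.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }

function Get-RunEntry {   # hypothetical helper name
    param([string[]]$Path)
    foreach ($key in $Path) {
        # The Wow6432Node key only exists on 64-bit Windows
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            # GetValue() expands REG_EXPAND_SZ; expand again for plain REG_SZ data
            $command = [Environment]::ExpandEnvironmentVariables([string]$item.GetValue($name))
            $inUserDir = $false
            foreach ($dir in $userWritable) {
                if ($command.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                    $inUserDir = $true
                }
            }
            # Extract the executable path, quoted or unquoted, from the command line
            $exe = $null
            if ($command -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
            elseif ($command -match '^\s*(.+?\.exe)\b') { $exe = $Matches[1] }
            $signature = 'PathNotResolved'
            if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
                $signature = (Get-AuthenticodeSignature -LiteralPath $exe).Status
            }
            [pscustomobject]@{
                Key       = $key
                Name      = $name
                Command   = $command
                InUserDir = $inUserDir
                Signature = $signature
            }
        }
    }
}

# List every autostart entry, entries from user-writable directories first
Get-RunEntry -Path $runKeys |
    Sort-Object -Property InUserDir -Descending |
    Format-List
```

An entry with InUserDir set to True and a Signature other than Valid is the kind of value STEP 3 asks you to find. Compare its path with the process name you noted in STEP 1 before deleting anything.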

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, in case that you have one.

  • Method 2: File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you may try to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.