LanRan v2 is a new Hidden Tear based ransomware virus, found by malware specialists in July 2018. This week we wrote that ransomware is being pushed out of the malware market by the young crypto-miners, but yet true inveterate hackers are still trying out their luck by creating new ransomware variants based on open source Hidden Tear project. Donut, Sorry, Horros, Krypton are the examples of the file-encrypting viruses that our new LanRan ransomware is very similar to.
Lanran Ransomware quicklinks
- What does LanRan ransomware do
- How did LanRan virus infect your system
- What are the best ways to remove LanRan ransomware
- Automatic Malware removal tools
- How to delete LanRan without an antivirus
- How to recover LanRan ransomware encrypted files and remove the virus
- Step 1. Restore system into last known good state using system restore
- 1. Reboot your computer to Safe Mode with Command Prompt:
- 2.Restore System files and settings.
- Step 4. Use Data Recovery programs to recover LanRan ransomware encrypted files
(Win)
Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,
(Mac)
Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,
Apart from being a replica, LanRan developers are aiming high asking a very big ransom (0,5 BTC = USD 3.600), compared to its other brothers. Maybe this is just a tactic to create an impression on a victim how serious this infection is or maybe LanRan developers are pretty new in the game, not knowing that the most earning ransomware are the ones that ask the least, but no matter what crooks are expecting, do not start calling everyone and borrowing money, because this article will give you an insight on what to do if LanRan has compromised your system.
What does LanRan ransomware do
LanRan virus does not bring anything new to the table. It is a typical ransomware, made by using the sample from the Github and demonstrates all the typical features of any other crypto demanding malware. It sneaks into your computer unnoticed, runs silently in the background its malicious scripts looking for potential files to encrypt, copies itself into certain Windows directories to be more persistent and show up every time you restart your PC and starts encrypting selected data with a usual Asymmetric cipher AES.
After all the encryption it starts preparing to give away his existence to you by adding .LanRan2.0.5 appendix to every personal file he made inaccessible. That means that your file named ‘familypicture.jpg’ after encryption would become ‘familypicture.jpg.LanRan2.0.5’. And trust us, removing the appendix is not going to decrypt the file. LanRan ransomware targets only personal files that can be in a form of pictures, videos, documents and etc, but not program files so that the user could still make the cryptocurrency payment using the same computer.
But once the encryption is done, LanRan has the final mission – it changes your dektop background saying that your files are locked and the only way to get them is by paying, what is more drops a .txt notepad ransom note named ‘@[email protected]’ saying pretty much the same thing:
Attention! Attention! Attention! Your Files has been encrypted By L_A_N_R_A_N——-R_A_N_S_O_M_W_A_R_E
What is encryption?
Encryption is a reversible modification of information for security reasons but providing full access to it for authorized users. To become an authorized user and keep the modification absolutely reversible (in other words to have a possibility to decrypt your files) you should have an individual private key.
But not only it
It is required also to have the special decryption software (in your L_A_N_R_A_N Decryptor software) for safe and complete decryption of all your files and data.
Send 0.5 Bitcoin To @ 1sUCn6JYa7B96t4nZz1tX5muU2W5YxCmS @
for decrypt your files Contact us By Email : [email protected] If Send 0.5 Bitcoin We will send you the decryption key LanRan DecryptorIt’s Your Choice
LanRan asks for an impressive USD 3600 payment in Bitcoins (0,5BTC) just to unlock your files. Once you send it you should contact the crooks to their email and they promise to give a decryptor. Maybe because you value your files a lot and the amount is pretty big you’d expect them to actually send the unlocking key to you, but sadly, it may not be the case. The good example is Petya ransomware, that would take the ransom but completely ignore the victim and not only did the hackers compromise the system but also take the given money.That is why you should not pay the ransom, because you can’t trust hackers just like you can’t trust pirates.
How did LanRan virus infect your system
Every case is different, and how you caught LanRan ransomware can be very different than how other person caught it, but most likely it has to do with a weak computer security and mindless online browsing habits. While people tend to believe that viruses only spread via adult content pages or DeepWeb, yet they would be surprised what.
LanRan ransomware and others of its kind have a preference due to technical and other reasons that they prefer to spread, and it is – spam emails with malicious links or attachments. You may have heard about how widespread WannaCry, Locky or NotPetya got by simply using malspam. It may seem ridiculous how can people trust hackers an open infected pages, files, but hackers are the masters of deceit and their socially engineered letters can fool pretty much anyone if they do not look close enough. Bills, government letters, invoices, resumes, invitations to free concerts and etc. are just a tiny part of how crooks get you to click on the virus executable file.
Even though you trust your judgment and feel confident online, thinking that you would never believe such nonsense, we still advise you to read the Ultimate Guide how to Protect yourself from ransomware.
What are the best ways to remove LanRan ransomware
Let us be honest and just give out the best LanRan removal method at the very beginning. It is Spyhunter] programs. They are made specifically to help users with ransomware, Trojans, browser hijackers and other virtual parasites. These anti-spyware tools are sophisticated and reliable, unlike many fake or rogue self-claimed virus removal software you can find online. Spyhunter and Malwarebytes save your time because all the user has to do is make a few clicks to initiate the scan and soon enough LanRan threat is hunted and fully removed from even the darkest corners of your computer.
Nevertheless, we must mention that LanRan ransomware elimination does not result in decrypted files. Unfortunately, the personal files will still be locked even the virus is long gone. But the removal part is essential so no more files would be encrypted, your system could start running properly and you could look for options how to recover files. Never try to recover files if the LanRan ransomware is still in the computer! Data restore can be done with programs that are able to decrypt certain virus locked files (still waiting for the LanRan decryptor), also from Shadow Volume Copies or other tools mentioned below.
Automatic Malware removal tools
(Win)
Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,
(Mac)
Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,
How to delete LanRan without an antivirus
In the first place, we must say that if you do not have an antivirus/anti-malware program or have the one that Lanran ransomware was able to break, it is about time to get yourself a reliable security tool that will save you from the next attack. Although, at times there is no other option than to remove the virus manually. Cyber threats can modify your internet settings, damage system that it would block any new installation and etc., in which case you have to clean your PC without any automatic tool.
Furthermore, at the moment there is no decyptor, but keep looking for our updates.
How to recover LanRan ransomware encrypted files and remove the virus
Step 1. Restore system into last known good state using system restore
1. Reboot your computer to Safe Mode with Command Prompt:
for Windows 7 / Vista/ XP
- Start → Shutdown → Restart → OK.
- Press F8 key repeatedly until Advanced Boot Options window appears.
- Choose Safe Mode with Command Prompt.
for Windows 8 / 10
- Press Power at Windows login screen. Then press and hold Shift key and click Restart.
- Choose Troubleshoot → Advanced Options → Startup Settings and click Restart.
- When it loads, select Enable Safe Mode with Command Prompt from the list of Startup Settings.
2.Restore System files and settings.
- When Command Prompt mode loads, enter cd restore and press Enter.
- Then enter rstrui.exe and press Enter again.
- Click “Next” in the windows that appeared.
- Select one of the Restore Points that are available before LanRan ransomware has infiltrated to your system and then click “Next”.
- To start System restore click “Yes”.
Step 2. Complete removal of LanRan ransomware
After restoring your system, it is recommended to scan your computer with an anti-malware program, like Spyhunter and remove all malicious files related to LanRan ransomware. You can check other tools here.Step 3. Restore LanRan ransomware affected files using Shadow Volume Copies
If you do not use System Restore option on your operating system, there is a chance to use shadow copy snapshots. They store copies of your files that point of time when the system restore snapshot was created. Usually LanRan ransomware tries to delete all possible Shadow Volume Copies, so this methods may not work on all computers. However, it may fail to do so. Shadow Volume Copies are only available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8. There are two ways to retrieve your files via Shadow Volume Copy. You can do it using native Windows Previous Versions or via Shadow Explorer. a) Native Windows Previous Versions Right-click on an encrypted file and select Properties → Previous versions tab. Now you will see all available copies of that particular file and the time when it was stored in a Shadow Volume Copy. Choose the version of the file you want to retrieve and click Copy if you want to save it to some directory of your own, or Restore if you want to replace existing, encrypted file. If you want to see the content of file first, just click Open.b) Shadow Explorer It is a program that can be found online for free. You can download either a full or a portable version of Shadow Explorer. Open the program. On the left top corner select the drive where the file you are looking for is a stored. You will see all folders on that drive. To retrieve a whole folder, right-click on it and select “Export”. Then choose where you want it to be stored.
Step 4. Use Data Recovery programs to recover LanRan ransomware encrypted files
There are several data recovery programs that might recover encrypted files as well. This does not work in all cases but you can try this:- We suggest using another PC and connect the infected hard drive as slave. It is still possible to do this on infected PC though.
- Download a data recovery program.
- Install and scan for recently deleted files.