Lanran Ransomware Removal Guide

Do you know what Lanran Ransomware is?

It is very clear what the creator of Lanran Ransomware wants from their victims, and that is a payment of 0.5 Bitcoin. At the time of research, this is between 3,200 and 3,300 USD, but because the cryptocurrency is unstable, the conversion rates are likely to shift. Overall, it is a huge sum, and it is highly unlikely that random users would be able to pay it. This is why it is possible that the malicious infection was created to infect the computers of bigger companies and organizations. In any case, paying this ransom is not what victims should do because that is unlikely to be exchanged for a decryptor. A decryptor is needed because the malicious ransomware encrypts files, and only a special key and tool can restore the data to make the files readable again. That means that the victim is stuck. Unfortunately, a free decryptor does not exist at this time, and so the only thing that users can do is protect their operating systems against malware from slithering in. If it is too late, and you need to remove Lanran Ransomware, we can show you the way.

Lanran Ransomware has a very specific target; or targets, to be more precise. When this malicious infection slithers into an operating system – which it is likely to do using existing vulnerabilities and unguarded security backdoors – it looks for files with certain extensions. These include .txt, .doc, .docx, .mp3, .xls, .wmv, .mp4, .iso, .dll, .jpg, .pdf, etc. The creator of the infection has set it up to corrupt targeted files in specific folders only. These include Desktop, Documents, Favorites, Music, and Pictures folders in the %USERPROFILE% directory, the %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup folder, and the %APPDATA% directory. If the invasion of the infection is successful, you can go to these directories, and you should find the “.LanRan2.0.5” extension added to the corrupted files’ names. Of course, you are unlikely to realize that this has happened until the ransom demands are made. First, Lanran Ransomware changes the Desktop wallpaper and launches an audio message that is repeated five times. This message informs that files and databases had been encrypted. The ransomware also created a file named “@___README___@.txt” on the Desktop. This is the ransom note, and you will have to delete it during the removal process.Lanran Ransomware Removal GuideLanran Ransomware screenshot
Scroll down for full removal instructions

According to the ransom note, the creator of Lanran Ransomware can send you a “private key” and “LanRan Decryptor” if you transfer 0.5 Bitcoin to 1sUCn6JYa7B96t4nZz1tX5muU2W5YxCmS. After the payment, you are supposed to email, and if you do, you should be able to decrypt corrupted files. Of course, it is most likely that these are all empty promises. Whether you are looking at the ransom note delivered via the Desktop wallpaper, the @___README___@.txt file on the Desktop, or the INSTRUCTIONS.html file in the %PUBLIC% directory, you should not pay attention. If you paid the ransom, it is guaranteed that you would lose your money, but there are no guarantees when it comes to the decryptor. In fact, we would be surprised if you were provided with one. So, what are you supposed to do? If you have backups, quickly delete Lanran Ransomware, remove the corrupted files, and transfer the backups onto the computer if you need it. If you do not have backups, eliminate the infection and figure out how to back files up to avoid losing them in the future.

It should not take long for you to delete Lanran Ransomware manually, but that is only if you know what you are doing. If you do not have experience, you might face problems, and that can be excruciatingly annoying. The good news is that there is a way to get rid of the infection and reinstate full protection of the operating system without lifting a finger. The only thing you need to do is install a legitimate anti-malware program. The right tool will ensure that you do not face ransomware any time soon.

Remove Lanran Ransomware from Windows

  1. Delete the launcher of the ransomware (location and name unknown).
  2. Tap keys Win+E to access Windows Explorer.
  3. Enter %APPDATA% into the bar at the top.
  4. Delete the file named img.jpg (afterward, change the Desktop wallpaper to your preferred image).
  5. Enter %LOCALAPPDATA% (or %USERPROFILE%\Local Settings\Application Data\ for the users of a different Windows version) into the bar at the top.
  6. Delete the files named TempLanRan.exe and Temprunsom.exe.
  7. Enter %PUBLIC% into the bar at the top.
  8. Check the folders and Delete the file named INSTRUCTIONS.html if it exists.
  9. Move to the Desktop and Delete the file named @___README___@.txt.
  10. Empty Recycle Bin to complete the elimination of the ransomware.
  11. Install a legitimate malware scanner and run a system scan. If leftovers are found, erase them ASAP.

In non-techie terms:

Lanran Ransomware is a dangerous piece of malware that can corrupt all of your most personal files. If you are lucky, the infection does not do much damage because of the specific targets it has; however, if your files are stored in the targeted directories, you are in trouble. Once the files are encrypted, there is nothing you can do to save them. Of course, if backups exist, there is nothing to worry about, but if they do not exist, the only option for you is to pay the ransom in return for an alleged decryptor. Well, that is not something you should do because you do not know if cyber criminals would give you the key in return for thousands of dollars that you would pay as the ransom. In fact, it's safe to say that you would NOT be given anything in return. All in all, whether or not you decide to communicate with cyber criminals and follow their demands, you must remove Lanran Ransomware in the end, and you can do that manually or using automated anti-malware software that also can help you with the overall protection of the operating system.