How to remove LanRan virus and restore encrypted files

LanRan ransomware virus

The entry is about LanRan ransomware which gets into customers' PC around the world, and corrupts their files. In this item we've assembled full information on what is LanRan, and the deletion of LanRan from the PC. In addition, we will explain how to recover the corrupted files, if possible.

LanRan ransomware had penetrated thousands of laptops around the world through easiest way: fraud e-mails with dangerous attachments. Also, scammers use exploits to get into the computer, but they are quickly corrected. After penetration, ransomware reviews the computer memory to find the files for encryption and their rough cost. Nowadays, any modern virus is able to encrypt video, image, audio and text info in all popular extensions. Extra attention is paid to business documents, since businessmen are the priority objective for criminals. Ransomware corrupts only information, and does not spoil the software, so that the man can use his PC to make the payment. The process is carried out through well-known encryption algorithms, and it is so sophisticated that that decipherment of data with no key is impossible. This is the root for such a stunning efficiency of ransomware in recent years: an ordinary PC operator, even having a very good experience in suchlike things, won't ever be able to restore the files, and will have to pay ransom. The single method to get back files is to find the scammer's webpage and retrieve the encryption keys. Also there's a way to obtain the keys through flaws in the code of the virus itself. The encrypted files get .LanRan extension, and asks for 0.5BTC as a ransom.

LanRan ransomware virus

There is one common feature for all kinds of harmful programs: it is way easier to avoid it than to cure it. For encrypting viruses it's very important, as, unlike common dangerous programs, after deleting ransomware from the system, the effects of its actions will stay. It's very easy to minimize the chances to get encrypting virus if you'll follow these advices:

    • Don't admit any changes to the PC, coming from unknown programs. One of the easiest ways of data restoration is the restoration through Shadow Copies, and Web-criminals have added the removal of those copies in the primary features of ransomware. The deleting of shadow copies needs administrator rights and acceptance from the operator. The moment of thought before verifying the checkbox might save your files and your time.
    • Do not disregard the signs that your hardware or software displays. It takes a big part of computing power to encode the files. In few minutes after the infection, the system slows down, and the encrypting process is visible in Process Manager. You might anticipate this moment and switch off the PC before information will be fully encrypted. Surely, the certain amount of information will be corrupted, but you will have the other part.
    • Be cautious with the e-mails which contain data. The very popular model of scam e-mails is the notification about prize gaining or parcel earning. Also you should be careful with business-related letters, especially if the sender and the content is unknown. Bills for services or products, appeals, lawsuits, summaries and similar specific information cannot be sent without warning, and you, as a minimum, should know the person who sent it. Otherwise, it is a scam.

You should know that the deletion of ransomware is only the, first turn, which is compulsory for the standard operation of the laptop. If you get rid of LanRan, you won't restore the information immediately, it will demand more actions described in the following section. In case of encrypting virus we do not give the manual deletion instruction, because its complexity and the possibility of errors will be very high for average user. High class viruses can't be removed even with help of antivirus-software, and have lots of effective types of protection. The very effective ransomware protection technique is the deletion of data on the chance of data recovery or ransomware deletion attempt. To neutralize this, abide to the tips below.

Removal instruction

Step 1. Boot into Safe mode

Safe mode

Start -> Msconfig.exe

Safe mode. Step 1

On the tab Boot select Safe boot

Safe mode. Step 2

Step 2. Check Startup folder

Start -> Msconfig.exe ->Disable unknown programs in the Startup tab


Step 3. Check hosts file

Modify hosts file, that located in C:\Windows\System32\drivers\etc\ .

Hosts file.Step 1

Open the file with Notepad and delete suspicious strings.

Hosts file.Step 2

It has to look like this:

Hosts file.Step 3

Step 4. Scan the system with antiviral scanner


Special Offer

Antivirus scanner

Why we recommend SpyHunter antimalware

Detects most kind of threats: malicious files and even registry keys of malware will be found

Protects your system in the future

24/7 free support team

SpyHunter's scanner is only for malware detection. If program detects infected elements on the computer, you will need to purchase malware removal tool for $39,99 to delete threats. SpyHunter has Free Trial for one remediation and removal, subject to a 48-hour waiting period. Uninstall steps and additional information EULA , Privacy Policy and Threat Assessment Criteria.

bwd  Instructions 1/2  fwd

Step 5. Disable Safe mode

Start -> Msconfig.exe ->Disable Safe boot in the Boot tab

Deactivate Safe mode

If you fulfilled all actions, described in previous paragraph - it's time to recover the files. Actually, this is not about decipherment, because the encrypting methods used by swindlers are too complicated. More often than not, to restore the files, the user has to ask for help on specialized forums or from renowned virus fighters and antiviral program vendors. If you can't linger and are going to recover the information by hand - here's the full article on that topic.

To restore information, follow the article about files decryption.

This website uses cookies to improve your experience. If you continue using the site, we will assume that you accept our cookies policy.