Remove LanRan Ransomware

I wrote this article to help you remove LanRan Ransomware. This LanRan Ransomware removal guide works for all Windows versions.

LanRan ransomware is believed to be a rendition of MyLittleRansomware. The two viruses exhibit similar characteristics. At the end of the day, LanRan ransomware does what most win-lockers do. It locks most files on the victim’s hard disk drive and demands a payment to unlock them. This is the concept behind win-lockers. They are created to extort funds from computer users. Their developers make a living by swindling people and forcing them to hand over their hard-earned money. This is a severe cyber crime scheme. Despite the efforts of security experts, ransomware viruses continue to rack up large turnovers.

You can help eradicate this kind of crime by enhancing your cyber protection. If all users started taking measures to prevent viruses from entering their systems, hackers would lose their source of income. Creating malware would become pointless. LanRan ransomware, like most win-lockers, is distributed through spam emails. The virus hides behind attached files, listed as important documentation. The spammer can describe the attachment as a recommended letter, a receipt, an invoice, a bill, a fine or another type of document. The message can be signed in the name of a reputable entity, like the national post, a courier firm, a bank, an institution, a government branch, the local police department or the district court. To tell whether a given email is genuine, check the account it was sent from.

When LanRan ransomware enters a computer, it begins searching for vulnerable files. The program then executes malicious code to perform the encryption. LanRan ransomware uses the RSA-2048 cipher to encrypt the targeted files. Unlike other win-lockers, it does not add a custom extension to the names of the infected files. The encryption process takes a short amount of time. Within several minutes, the infection will have spread to all directories of your computer. The reversal takes longer and the waiting time is significant. This is a major issue for companies, as they could be forced to halt their business operations for days.


LanRan ransomware explains the situation, focusing on the payment aspect. The win-locker drops a ransom note on the hard disk drive and loads it automatically. The file is titled @___help___@. The message explains why the win-locker has targeted your system and what the demands of the people behind it are. They elaborate that the encryption is a reversible process. To have it reversed, victims have to pay a fee of 0.5 bitcoins. This converts to $607.05 USD, per the current exchange rate. The hackers collect payments in a bitcoin wallet. Their wallet address is listed in the ransom note. After completing the transaction, the user has to contact the renegade developers. Victims have to send a confirmation letter to their email address: lanran-decrypter@list.ru.

Paying cyber criminals only encourages them to keep developing viruses and distributing them via spam email campaigns and other dark patterns. Furthermore, it does not guarantee that the problem will be resolved. The ransom note states that executing LanRan Decryptor will reverse the encryption process. The hackers have conveniently omitted the fact that LanRan ransomware would not be uninstalled. There is nothing mentioned about removing the program from the system. Even if there was, would you trust cyber criminals? There are numerous accounts of people having their files encoded again after using the decryption tool to return them to normal.

The best way to combat viruses like LanRan ransomware is with a custom decrypter. Cyber security experts are engaged in cracking win-lockers and developing custom decrypters. However, there is an alternative solution which does not require specialized software. Every file on your hard disk drive has a shadow volume copy. These copies are used when performing a system restore. The process of recovering encrypted objects works in the same way. Shadow volume copies function as individual backups. Of course, hackers are well aware of this recovery technique. Some ransomware authors add code which deletes shadow volume copies. If this is the case, you should wait until a custom decrypter is created. Your files will not be lost.

LanRan Ransomware Removal

Method 1: Restore your encrypted files using ShadowExplorer
Usually, LanRan Ransomware deletes all shadow copies stored on your computer. Luckily, the ransomware is not always able to delete them, so your first attempt should be to restore the original files from shadow copies.

  1. Download ShadowExplorer from this link: http://www.shadowexplorer.com/downloads.html.
  2. Install ShadowExplorer
  3. Open ShadowExplorer and select the C: drive in the left panel
  4. Choose a date at least a month ago from the date field
  5. Navigate to the folder with encrypted files
  6. Right-click on the encrypted file
  7. Select “Export” and choose a destination for the original file
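
Before working through ShadowExplorer, you can confirm that shadow copies still exist for the drive. The following PowerShell check is an added example, not part of the original guide; it assumes an elevated (administrator) PowerShell prompt and the C: drive, and it uses the "at least a month ago" rule from step 4 as its cutoff.

```powershell
# Added example: run from an elevated PowerShell prompt.
# Assumptions: the affected volume is C: and the cutoff is one month, as in step 4.
$drive  = 'C:'
$cutoff = (Get-Date).AddMonths(-1)

# Shadow copies reference the volume GUID path, not the drive letter, so resolve it first.
$volume = Get-CimInstance -ClassName Win32_Volume -Filter "DriveLetter='$drive'"

if (-not $volume) {
    Write-Warning "Volume $drive was not found."
}
else {
    # Every snapshot that still exists for this volume, oldest first.
    $shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy |
        Where-Object { $_.VolumeName -eq $volume.DeviceID } |
        Sort-Object -Property InstallDate)

    if ($shadows.Count -eq 0) {
        # Nothing left to restore from: the copies were deleted or never created.
        Write-Warning "No shadow copies exist for $drive. Method 1 cannot work here."
    }
    else {
        # List each snapshot and mark whether it is older than the cutoff.
        $shadows |
            Select-Object -Property ID, InstallDate,
                @{ Name = 'OlderThanCutoff'; Expression = { $_.InstallDate -lt $cutoff } } |
            Format-Table -AutoSize

        $usable = @($shadows | Where-Object { $_.InstallDate -lt $cutoff })
        if ($usable.Count -gt 0) {
            Write-Output ("{0} shadow copy(ies) older than {1:yyyy-MM-dd}; newest of those: {2:yyyy-MM-dd HH:mm}" -f `
                $usable.Count, $cutoff, $usable[-1].InstallDate)
        }
        else {
            Write-Warning "Shadow copies exist, but none is older than $($cutoff.ToString('yyyy-MM-dd'))."
        }
    }
}
```

If the script reports no shadow copies, skip to the other methods; if it lists some, the dates it prints are the ones ShadowExplorer will offer in its date field.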

Method 2: Restore your encrypted files by using System Restore

  1. Go to Start –> All programs –> Accessories –> System tools –> System restore
  2. Click “Next”
  3. Choose a restore point, at least a month ago
  4. Click “Next”
  5. Choose Disk C: (should be selected by default)
  6. Click “Next”. Wait for a few minutes and the restore should be done.

Method 3: Restore your files using File Recovery Software
If none of the above methods works, you should try to recover the encrypted files using file recovery software. Since LanRan Ransomware first makes a copy of the original file, then encrypts it and deletes the original one, you can restore the original using file recovery software. Here are a few free file recovery programs:

  1. Recuva
  2. Puran File Recovery
  3. Disk Drill
  4. Glary Undelete
