Lanran Ransomware

What is Lanran Ransomware?

It is crucial to protect your operating system and practice safe browsing; otherwise, Lanran Ransomware could invade sooner than you think. This malware can use spam emails, malicious downloaders, other infections, and system vulnerabilities to invade the Windows operating system and take over files. The infection does not leak or remove files, but it encrypts them, and that might be the end of them. Encryption is a security measure that is meant to ensure that the file can be read only if the right decryption key is applied, and, of course, cyber criminals are the only ones who know the decryption key of the ransomware. What that means is that you cannot recover files manually. Unfortunately, we do not have good news when it comes to the recovery option proposed by cyber criminals. We discuss that further in the report, along with the removal tips that you need if you wish to delete Lanran Ransomware successfully. Are you ready to tackle this threat? Let’s get to it.testtesttest

How does Lanran Ransomware work?

It is likely that the first thing that warned you about the existence of Lanran Ransomware was an audio message informing: “Your documents, photos, databases and other important files have been encrypted.” If you have heard this audio warning, your files are already encrypted, and there is nothing you can do to reverse the attack. Along with the audio message, the creator of the ransomware is also using an image file that replaces the wallpaper to show a text warning. It informs that you need to pay a ransom of 0.5 Bitcoin to the cyber criminals’ Bitcoin wallet (1sUCn6JYa7B96t4nZz1tX5muU2W5YxCmS) and then email them to confirm the transaction at If you do all this, you are promised that a decryption key and a tool called LanRan Decryptor would be provided to you to make the recovery of files possible. Here’s the problem. The party making these promises is also the party that is interested in getting the money, and so they could promise you anything and everything. Unfortunately, it is unlikely that you would obtain the decryptor if you paid the ransom, and that is why it is best to focus on the removal of Lanran Ransomware.

Lanran Ransomware also uses “@___README___@.txt” and “INSTRUCTIONS.html” files to deliver the same message to its victims. The first file should be created on the Desktop, and the second one might be created in folders that exist in the %PUBLIC% directory. Unfortunately, if the ransomware created these files, your files are already encrypted. Our researchers have found that this malware encrypts files that are stored in specific folders are directories, including %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup, %APPDATA%, and %USERPROFILE%. If you check the files, you should find the “.LanRan2.0.5” extension attached to their original names. It is also worth mentioning that Lanran Ransomware does not encrypt files randomly. In fact, it specifically goes after .txt, .doc, .docx, .mp3, and similar files. Clearly, it is interested in encrypting personal data only. If you are lucky, the files corrupted by the infection will have backup copies. Whether you use cloud storage or external drives, this is the only solution to the problem you are dealing with at the moment. If you did not create backup copies before the invasion of the ransomware, it is unlikely that you will be able to recover them. All in all, in both cases, the infection must be removed.

How to delete Lanran Ransomware

The damage has been done, and it is unlikely that you can reverse it, even if you pay the ransom requested by the creator of the malicious infection. Hopefully, backups exist, but even if they do, and you do not need to worry about restoring data, you still need to remove Lanran Ransomware. This malicious infection has several components that require elimination, and you might be able to get rid of them yourself using the instructions below. Of course, this is not an ideal solution. The best thing to do in this situation is to install anti-malware software. As soon as it is installed, it will create a protection shield against malware. Next, it will automatically find and delete Lanran Ransomware along with other infections that might exist. So, which option will you choose? If you are not ready to make the decision, post your questions in the comments section.

Removal Guide

  1. Launch Windows Explorer by tapping keys Win+E.
  2. Enter %APPDATA% into the bar at the top and then Delete the file called img.jpg.
  3. Enter %LOCALAPPDATA% into the bar and then Delete the files called TempLanRan.exe and Temprunsom.exe (alternative path is %USERPROFILE%\Local Settings\Application Data\).
  4. Enter %PUBLIC% into the bar and Delete the file called INSTRUCTIONS.html in folders.
  5. Go to the Desktop and Delete the file called INSTRUCTIONS.html.
  6. Find and Delete the {unknown name}.exe file that is the launcher of the ransomware (location is unknown).
  7. Empty Recycle Bin and then quickly perform a full system scan to check if leftovers exist. 100% FREE spyware scan and
    tested removal of Lanran Ransomware*

Leave a Comment

Enter the numbers in the box to the right *