
LanRan-2 Ransomware

Posted: July 20, 2018

The LanRan-2 Ransomware is an update of the LanRan Ransomware that adds a working data-locking feature and new techniques for delivering its ransom note. Its attacks may change your desktop, loop audio warnings, and block various types of media, such as documents and pictures. Threat actors can't provide a legitimate decryption service for this Trojan, and users should remove the LanRan-2 Ransomware with an anti-malware tool before investigating real solutions, such as restoring from any backups.

A Leg to Stand on for a Once-Crippled Trojan

The earliest versions of the LanRan Ransomware had many of the accouterments of a file-locking Trojan but lacked one of the essential ingredients: the real ability to lock the digital media of its victims by encrypting or otherwise corrupting it. An update by the name of LanRan-2 Ransomware remedies that deficiency but also changes many of the ransoming details of the payload, for reasons that malware experts have yet to determine. The LanRan-2 Ransomware may be the work of another threat actor or an experiment in testing how different message formats impact the ransom-collecting statistics.

The LanRan-2 Ransomware locks the user's files with an encryption method from the open-source Hidden Tear family, but doesn't save the password locally or upload it to a C&C server. This issue prevents the threat actor from providing any real decryption for unlocking the files, although some cryptography experts may be capable of brute-forcing a solution. The LanRan-2 Ransomware targets the same data types with its attack as most file-locker Trojans: documents, images, archives, databases, and other work or recreational formats.

Instead of the screen-locking pop-up that malware analysts took note of in the LanRan Ransomware, the LanRan-2 Ransomware uses a replacement desktop background and a Notepad TXT message for displaying its ransoming demands, which consist of a payment of 0.5 Bitcoins to the criminal's wallet address. However, the LanRan-2 Ransomware does retain the use of the repeating audio clip, which it plays until the user terminates the program by force.

Getting Your Files Back from Trojans that Threw Away Their Cell Key

The encryption that the LanRan-2 Ransomware uses may be vulnerable to the decryption techniques that work on many, but not all, variants of Hidden Tear. For any victims who lack a secure backup, the solution that malware experts endorse is contacting a cyber-security specialist with experience in file-locker Trojans for decryption help. Because decrypting this data can be impossible, PC users should defend their media against these attacks by storing their backups on other devices, such as a cloud server.

The version of the LanRan-2 Ransomware available to malware researchers is incomplete and includes some placeholder formatting and error messages in its payload. It also has some features for preventing its detection by traditional AV software, such as hibernating over time, although most security programs are identifying it appropriately. Users should keep the databases of their anti-malware products updated and give those products the opportunity to analyze all incoming downloads, so that they can delete the LanRan-2 Ransomware before it encrypts any local files.

This new version of the LanRan Ransomware is unexpected, but not extremely unorthodox for the file-locker Trojan industry. Criminals appreciate recycling others' work for new crimes, and the LanRan-2 Ransomware is a much more credible danger to the documents and other files of the public at large.
