LanRan Ransomware
Posted: April 5, 2017
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 29 |
| First Seen: | April 5, 2017 |
| OS(es) Affected: | Windows |
The LanRan Ransomware is a member of the My Little Ransomware family of file-encrypting Trojans, which lock your files until you pay their ransoms. While the LanRan Ransomware's encryption feature is unfinished, malware experts anticipate further updates to the threat and recommend protecting your PC by backing up your files to locations not vulnerable to an infection. Use anti-malware products to find and remove the LanRan Ransomware before its installation.
An Eyeful of a Ransom-Collecting Trojan's Development in Progress
The My Little Ransomware family is one of the smallest groups of open-source, ransom-based threats, but it does gain new members periodically. After old threats like the M0on Ransomware, malware experts can finally confirm a new one: the LanRan Ransomware, which can lock your screen despite missing other features that one would expect from any Trojan of its category. Since the Trojan is under analysis early in its development, nothing is yet known about how its threat actors plan to distribute it to their victims' PCs.
Although its original family includes encryption features, the LanRan Ransomware's authors chose to remove these temporarily, possibly to make updates to the algorithms it uses. The LanRan Ransomware does drop a ransom note on the infected PC, with text written as if the Trojan has encrypted your files and blocked you from opening your documents, images, etc. The LanRan Ransomware launches its note as a screen-locking pop-up window that blocks your desktop access to encourage paying its ransoms. Other than a button for copying the threat actor's cryptocurrency wallet address, the LanRan Ransomware's pop-up includes no interactive features.
Victims also may see other symptoms from the LanRan Ransomware infections, including text-to-voice audio. Perhaps most threatening, malware analysts confirm that the LanRan Ransomware distributes copies of itself to the root directories of all the PC's drives, a worm-like feature that could help it propagate over networks and removable devices.
Deconstructing the Early Foundation of Ransoming Trojans
The current version of the LanRan Ransomware can only lock your screen and block you from using other software; it does not permanently damage any files. Use Safe Mode or boot your PC from another device to avoid loading the LanRan Ransomware's ransom message. However, the LanRan Ransomware's authors are anticipated to continue working on this threat and may include other features, particularly file-encrypting ones, in future builds.
With its infection methods still unpredictable, the LanRan Ransomware may arrive through various sources, including spam e-mails, compromised websites and modified downloads. Threat actors also could choose to install the LanRan Ransomware manually after gaining network access to a PC, although the LanRan Ransomware's design elements are more indicative of low-key attacks against individuals, rather than companies. Anyone concerned about its potential damages should back their files up to a peripheral device or external server, and use anti-malware products for deleting the LanRan Ransomware before it can do any harm.
Unfinished or not, the LanRan Ransomware is a small part of the overall tide of frantic extortionist Trojan development. Assuming that a file, once saved, is always safe from further tampering, is a quick way to end up paying Bitcoins to con artists like those designing the LanRan Ransomware.
Technical Details
File System Modifications
The following files were created in the system:

| File name | Size | MD5 | Detection count | File type | Mime Type | Group |
|---|---|---|---|---|---|---|
| file.exe | 109.05 KB (109056 bytes) | 1b3985282cef9d022dba3440bb21451d | 71 | Executable File | unknown/exe | Malware file |
| file.exe | 214.02 KB (214026 bytes) | 8fd7c9c1a66ee4eb1445589f31f2dbbf | 69 | Executable File | unknown/exe | Malware file |
| file.exe | 214.01 KB (214016 bytes) | e168392066c6d00c6de6b71c82adcdb3 | 52 | Executable File | unknown/exe | Malware file |
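A triage check for the worm-like drive-root copies described earlier and the file hashes listed above, as an added example that is not part of the original page or of any vendor tool. It hashes executables in the top level of each drive root, reports matches against the three MD5 values from this page, and flags any identical executable found in more than one root; the function names and the cross-root duplicate heuristic are assumptions made for illustration.

```python
import hashlib
import os
from collections import defaultdict

# MD5 values listed in the Technical Details section of this page.
LANRAN_MD5 = {
    "1b3985282cef9d022dba3440bb21451d",
    "8fd7c9c1a66ee4eb1445589f31f2dbbf",
    "e168392066c6d00c6de6b71c82adcdb3",
}

def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large executables do not fill memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def scan_drive_roots(roots, known_md5=LANRAN_MD5):
    """Inspect only the top level of each root (hypothetical helper).

    Returns (known, duplicated): sorted paths whose MD5 is in known_md5, and
    {md5: sorted paths} for identical executables present in two or more roots.
    """
    known, by_hash = [], defaultdict(list)
    for root in roots:
        try:
            entries = list(os.scandir(root))
        except OSError:
            continue  # drive not ready (empty card reader, offline share)
        for entry in entries:
            if not entry.name.lower().endswith(".exe"):
                continue
            try:
                if not entry.is_file(follow_symlinks=False):
                    continue
                digest = md5_of(entry.path)
            except OSError:
                continue  # locked or unreadable file
            by_hash[digest].append((root, entry.path))
            if digest in known_md5:
                known.append(entry.path)
    # Assumption: the same executable in several drive roots merits review.
    duplicated = {h: sorted(p for _, p in v) for h, v in by_hash.items()
                  if len({r for r, _ in v}) > 1}
    return sorted(known), duplicated

def windows_drive_roots():
    """Drive roots that currently exist (assumes Windows drive letters)."""
    return [f"{c}:\\" for c in "ABCDEFGHIJKLMNOPQRSTUVWXYZ" if os.path.exists(f"{c}:\\")]
```

On a Windows host, `scan_drive_roots(windows_drive_roots())` covers every mounted drive letter; a hash match is a starting point for removal with an anti-malware product, and a duplicate without a hash match may be a newer build.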