My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.

.Lanset file extension ransomware virus (Restore, Decrypt .lanset files)

Myantispyware team, June 3, 2019

Lanset is a new crypto-ransomware. Like other ransomware, it is a malicious program that gets onto your PC and runs. It encrypts your files and appends the .lanset extension to their names. This article explains what you need to know about the ransomware, how to remove the Lanset crypto virus from your computer and how to recover (decrypt) encrypted personal files for free.

Files encrypted by .lanset ransomware

The Lanset ransomware is designed to encrypt the personal files found on an infected machine using a strong encryption algorithm with a long key, appending the .lanset extension to all encrypted photos, documents and music. It can encrypt almost all types of files, including the following:

.slm, .accdb, .wgz, .zabw, .nrw, .rofl, .odm, .wmo, .xlsm, .xll, .d3dbsp, .dwg, .pak, .mef, .xbplate, .py, .png, .qdf, .pptx, .sav, .avi, .sidd, .wma, .wp4, .xdl, .yal, .t13, .wmd, .das, .bay, .hkdb, .wp5, .lbf, .menu, .jpeg, .psk, wallet, .pem, .xlsx, .gdb, .wmv, .pfx, .apk, .dba, .wpd, .der, .xwp, .sis, .xxx, .xlsb, .css, .y, .xbdoc, .wpg, .sie, .bsa, .itm, .xlgc, .wbmp, .tax, .sr2, .csv, .pptm, .rw2, .wsc, .wp6, .w3x, .dcr, .odt, .wpt, .xld, .docx, .zip, .odb, .pdd, .ptx, .big, .wdp, .iwd, .psd, .zip, .webdoc, .sum, .rgss3a, .zi, .ff, .forge, .crt, .eps, .hplg, .0, .xy3, .svg, .pdf, .dbf, .wp7, .upk, .1, .ltx, .litemod, .bc7, .srf, .2bp, .kdc, .rar, .wire, .x3f, .cr2, .ibank, .mddata, .wbd, .flv, .crw, .xml, .wmv, .webp, .asset, .wbc, .wpe, .odp, .3dm, .sidn, .itdb, .wotreplay, .jpe, .mcmeta, .t12, .wps, .xpm, .raf, .x3f, .pef, .wn, .xls, .raw, .blob, .fos, .xlsm, .m3u, .wpa, .bik, .vdf, .xdb, .xyp, .wbm, .mp4, .x3d, .wps, .1st, .orf, .ybk, .xar, .arw, .zif, .ws, .desc, .mdb, .vcf, .r3d, .wpb, .wdb, .wpd, .sid, .ztmp, .p7b, .cas, .odc, .p12, .indd, .ods, .vtf, .dmp, .vfs0, .rb, .bc6, .mov, .ysp, .p7c, .wpw, .wsd, .wav, .wpl, .zdb, .zdc, .wmf, .mdf, .xf, .bkf, .xmmap, .lvl, .syncdb, .fpk, .wm, .vpp_pc, .hvpl, .ncf, .vpk, .epk, .7z, .bkp, .hkx, .cdr, .ai, .wri, .bar, .xls, .dng, .pkpass, .pst, .wbz, .rim, .z3d, .qic, .kdb, .iwi, .re4, .map, .xyw, .itl, .mdbackup, .xmind, .sb, .xx, .db0, .srw, .ppt, .wsh

When encrypting a file it will append the .lanset extension to each encrypted file name to identify that the file has been encrypted. For example, a file named sample.doc would be encrypted and renamed to sample.doc.lanset.

When the encryption process is finished, the malicious software leaves a ransom message named ‘_readme.txt’ with instructions on how to purchase a private key to decrypt all files. One of the variants of the ransom message is shown below:

ATTENTION!
 
Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-7AKxZTQTdy
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

 

Threat Summary

Name: Lanset
Type: Ransomware, Filecoder, Crypto virus, File locker
Encrypted files extension: .lanset
Ransom note: _readme.txt
Contact: @datarestore (telegram), gorentos@bitmessage.ch
Ransom amount: $490, $980 in Bitcoins
Symptoms:
  • Encrypted documents, photos and music
  • Your files now have different extensions that end with something like .lanset
  • Your file directories contain a ‘ransom note’ file that is usually a .txt file
Removal: To remove Lanset ransomware use the removal guide
Decryption: To decrypt Lanset ransomware use the steps
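
Before cleaning or restoring anything, it helps to know how far the damage reaches. The following read-only inventory is an added example, not part of the original guide or of any tool it mentions; it relies only on the .lanset extension and the _readme.txt note name given above, and the function names and sample tree are hypothetical.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".lanset"   # extension appended by the ransomware (from this page)
RANSOM_NOTE = "_readme.txt"    # ransom note file name (from this page)


def triage(root):
    """Read-only walk of `root`; nothing is renamed, opened or deleted."""
    report = {
        "encrypted": [],           # (path of encrypted file, original file name)
        "notes": [],               # paths of ransom notes
        "by_type": Counter(),      # original extension -> number of encrypted files
        "plain_copy_present": [],  # encrypted files with an unencrypted twin beside them
    }
    for dirpath, _dirs, files in os.walk(root):
        present = {f.lower() for f in files}
        for name in files:
            low = name.lower()
            path = os.path.join(dirpath, name)
            if low == RANSOM_NOTE:
                report["notes"].append(path)
            elif low.endswith(ENCRYPTED_SUFFIX) and len(low) > len(ENCRYPTED_SUFFIX):
                original = name[: -len(ENCRYPTED_SUFFIX)]  # sample.doc.lanset -> sample.doc
                report["encrypted"].append((path, original))
                report["by_type"][Path(original).suffix.lower() or "(none)"] += 1
                if original.lower() in present:
                    report["plain_copy_present"].append(path)
    return report


def make_sample_tree(root):
    """Constructed sample data: empty files laid out like an affected profile."""
    layout = [
        "Documents/sample.doc.lanset",
        "Documents/budget.xlsx.lanset",
        "Documents/budget.xlsx",        # unencrypted twin, e.g. already restored
        "Documents/_readme.txt",
        "Pictures/holiday.JPG.LANSET",  # Windows file names are case-insensitive
        "Pictures/_readme.txt",
        "Pictures/untouched.png",
    ]
    for rel in layout:
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_tree(tmp)
        r = triage(tmp)
        print(f"{len(r['encrypted'])} encrypted files, {len(r['notes'])} ransom notes")
        for ext, count in r["by_type"].most_common():
            print(f"  {ext}: {count}")
        for path in r["plain_copy_present"]:
            print("unencrypted copy exists beside:", path)
```

Point `triage()` at a user profile or data drive instead of the sample tree; the per-type counts show which file formats to select later in a recovery tool.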

 

The instructions below will allow you to remove Lanset ransomware as well as restore (decrypt) encrypted documents, photos and music stored on your computer drives.

Quick links

  1. How to remove Lanset ransomware
  2. How to decrypt .lanset files
  3. Use STOPDecrypter to decrypt .lanset files
  4. How to restore .lanset files
  5. How to protect your computer from Lanset crypto malware?
  6. Finish words

How to remove Lanset ransomware

Manual removal does not always completely remove the Lanset crypto virus, as it is not easy to identify and get rid of all of the ransomware's components and malicious files on the hard disk. Therefore, it is recommended that you use a malicious software removal tool to completely remove Lanset crypto malware from your computer. Several free malicious software removal utilities are currently available that may be used against the ransomware. The optimum solution would be to use Zemana Anti-malware, Malwarebytes Free and Kaspersky Virus Removal Tool.



Remove Lanset ransomware with Zemana Anti-malware

We recommend using Zemana Anti-malware. You can download and install Zemana Anti-malware to look for and remove the Lanset ransomware virus from your PC system. When installed and updated, the malicious software remover will automatically scan for and detect all threats that exist on the machine.

Installing Zemana Free is simple. First you’ll need to download Zemana Anti-Malware by clicking on the following link. Save it on your Microsoft Windows desktop.

Zemana AntiMalware

Once the downloading process is finished, close all apps and windows on your PC. Double-click the install file named Zemana.AntiMalware.Setup. If the “User Account Control” prompt pops up as on the image below, click the “Yes” button.

Zemana AntiMalware uac

It will open the “Setup wizard” which will help you install Zemana on your system. Follow the prompts and don’t make any changes to default settings.

Zemana Anti-Malware (ZAM) Setup Wizard

Once setup is done successfully, Zemana Anti-Malware (ZAM) will automatically start and you can see its main screen as displayed in the figure below.

Now press the “Scan” button. The Zemana Free utility will begin scanning the whole PC system to find Lanset ransomware and other security threats. While the tool is checking, you can see the count of objects and files that have already been scanned.

Zemana search for Lanset ransomware virus, other malicious software, worms and trojans

Once Zemana Anti Malware (ZAM) has finished scanning your system, it will display a screen which contains a list of malicious software that has been detected. Review the report and then click the “Next” button. Zemana will remove Lanset ransomware, other malicious software, worms and trojans and move the items to the program’s quarantine. When that process is complete, you may be prompted to reboot the computer.

Remove .Lanset virus with MalwareBytes

We recommend using MalwareBytes Free. You may download and install MalwareBytes Free to look for and remove the Lanset virus from your machine. When installed and updated, this free malicious software remover automatically searches for and removes all threats present on the computer.

Download MalwareBytes Free on your MS Windows Desktop by clicking on the following link.

Malwarebytes Anti-malware

When the download is complete, close all windows on your system. Then start the file named mb3-setup. If the “User Account Control” dialog box pops up as shown in the following example, click the “Yes” button.

MalwareBytes Free for MS Windows uac dialog box

It will open the “Setup wizard” that will help you set up MalwareBytes Anti-Malware (MBAM) on the personal computer. Follow the prompts and don’t make any changes to default settings.

MalwareBytes for Microsoft Windows setup wizard

Once setup is done successfully, click the Finish button. MalwareBytes Anti Malware will then run automatically and you will see its main window as shown below.

MalwareBytes for Windows

Next, click the “Scan Now” button to detect the Lanset crypto virus, other malware, worms and trojans. Depending on your system, the scan can take anywhere from a few minutes to close to an hour. While the utility is checking, you can see the count of objects and files that have already been scanned.

MalwareBytes AntiMalware (MBAM) for MS Windows search for Lanset crypto virus related files, folders and registry keys

After that process is finished, MalwareBytes Free will show you the results. You can get rid of the threats (move them to Quarantine) by simply clicking the “Quarantine Selected” button.

MalwareBytes Free for MS Windows, scan for ransomware is finished

MalwareBytes AntiMalware will remove Lanset ransomware related files, folders and registry keys and move the items to the program’s quarantine. Once finished, you may be prompted to restart your PC. We suggest you look at the following video, which completely explains the procedure of using MalwareBytes to delete browser hijackers, adware and other malware.

Run KVRT to remove Lanset ransomware from the PC

KVRT is a free removal tool that can be downloaded and run to remove ransomware viruses, adware, malicious software, trojans, worms and other threats from your machine. You can use this tool to locate threats even if you have an antivirus or any other security application.

Download Kaspersky virus removal tool (KVRT) from the link below. Save it directly to your MS Windows Desktop.

Kaspersky virus removal tool

Once the downloading process is done, double-click on the KVRT icon. Once the initialization procedure is complete, you’ll see the KVRT screen as displayed in the figure below.

KVRT main window

Click Change Parameters and set a check mark next to all your drives. Click OK to close the Parameters window. Next, click the Start scan button. The Kaspersky virus removal tool will scan the whole PC system for the Lanset ransomware and other trojans and harmful apps. Depending on your computer, the scan can take anywhere from a few minutes to close to an hour. When a threat is found, the number of security threats will change accordingly.

KVRT scanning

Once that process is finished, you can check all items detected on your PC system as shown in the following example.

KVRT scan report

All detected threats will be marked. You can get rid of them all by simply pressing Continue to start a cleaning task.

How to decrypt .lanset files

The Lanset crypto virus tells the victim to contact its developers in order to decrypt all documents, photos and music. These persons will require you to pay a ransom (usually a demand for $490-980 in Bitcoins).

Should you pay the ransom

We don’t recommend paying a ransom, as there is no guarantee that you will be able to decrypt your documents, photos and music. In addition, you must understand that by paying money to the cyber criminals, you are encouraging them to create new ransomware.


With some variants of the Lanset ransomware, it is possible to decrypt or restore encrypted files using free tools such as STOPDecrypter, ShadowExplorer and PhotoRec.




Use STOPDecrypter to decrypt .lanset files

Michael Gillespie (@) released a free decryption tool named STOPDecrypter (download from download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip).

STOPDecrypter

STOPDecrypter has been updated to include decryption support for the following .djvu* variants (.djvu, .djvuu, .udjvu, .djvuq, .djvur, .djvut, .pdff, .tro, .tfude, .tfudeq, .tfudet, .rumba, .adobe, .adobee, .blower, .promos, .dotmap). STOPDecrypter will work for any extension of the Djvu* variants, including new extensions (.lanset).

Please check the twitter post for more info.

How to restore .lanset files

In some cases, you can recover files encrypted by Lanset ransomware. Try both methods. It is important to understand that we cannot guarantee that you will be able to restore all encrypted documents, photos and music.




Restore .lanset encrypted files using Shadow Explorer

If automated backup (System Restore) is enabled, then you can use it to restore all encrypted files to previous versions.

Please go to the link below to download ShadowExplorer. Save it on your MS Windows desktop or in any other place.

ShadowExplorer

After the download is finished, open the directory in which you saved it. Right-click on ShadowExplorer-0.9-portable and select Extract all. Follow the prompts. Next, open the ShadowExplorerPortable folder as shown in the figure below.

ShadowExplorer folder

Start the ShadowExplorer tool and then choose the disk (1) and the date (2) of the shadow copy from which you wish to restore the file(s) encrypted by the Lanset ransomware, as displayed in the following example.

ShadowExplorer recover files encrypted by the Lanset crypto malware

Now navigate to the file or folder that you wish to recover. When ready, right-click on it and click the ‘Export’ button as shown on the image below.

ShadowExplorer restore file

Use PhotoRec to recover .lanset files

Before a file is encrypted, the Lanset ransomware makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to restore your personal files using file restore software such as PhotoRec.

Download PhotoRec by clicking on the link below.

PhotoRec

Once the downloading process is done, open the directory in which you saved it. Right-click on testdisk-7.0.win and select Extract all. Follow the prompts. Next, open the testdisk-7.0 folder as on the image below.

testdisk photorec folder

Double click on qphotorec_win to run PhotoRec for Windows. It’ll display a screen as shown in the following example.

PhotoRec for windows

Select a drive to recover as on the image below.

photorec select drive

You will see a list of available partitions. Choose a partition that holds encrypted personal files as shown in the figure below.

photorec choose partition

Click the File Formats button and specify the file types to recover. You can enable or disable the restore of certain file types. When this is done, click the OK button.

PhotoRec file formats

Next, press the Browse button to choose where recovered personal files should be written, then click Search.

photorec

The count of recovered files is updated in real time. All recovered photos, documents and music are written to the folder that you chose in the previous step. You can access the files even if the restore process is not finished.

When the restore is finished, click the Quit button. Next, open the directory where the recovered files are stored. You will see contents as shown in the following example.

PhotoRec - result of recovery

All restored documents, photos and music are written to the recup_dir.1, recup_dir.2 … sub-directories. If you are searching for a specific file, you can sort your restored files by extension and/or date/time.
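
Sorting by hand gets slow once PhotoRec has filled many recup_dir.N folders. The sketch below is an added example, not part of the original guide or of PhotoRec; it groups the recovered files by extension and lists the newest first, and the function names, sample file names and timestamps are constructed for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

RECUP_RE = re.compile(r"^recup_dir\.(\d+)$")  # folder naming described on this page


def index_recovered(dest, wanted_exts=None, newer_than=None):
    """Group recovered files by extension, newest first within each group.

    dest        -- the output folder chosen with Browse in PhotoRec
    wanted_exts -- optional set such as {".docx", ".jpg"} to narrow the search
    newer_than  -- optional Unix timestamp; files modified earlier are skipped
    """
    dirs = []
    for entry in os.scandir(dest):
        m = RECUP_RE.match(entry.name)
        if m and entry.is_dir():
            dirs.append((int(m.group(1)), entry.path))
    groups = {}
    for _num, folder in sorted(dirs):          # numeric order: .2 before .10
        for entry in os.scandir(folder):
            if not entry.is_file():
                continue
            ext = Path(entry.name).suffix.lower()
            st = entry.stat()
            if wanted_exts and ext not in wanted_exts:
                continue
            if newer_than is not None and st.st_mtime < newer_than:
                continue
            if st.st_size == 0:                # empty results are not worth opening
                continue
            groups.setdefault(ext, []).append((st.st_mtime, st.st_size, entry.path))
    for files in groups.values():
        files.sort(reverse=True)
    return groups


def make_sample_recovery(dest):
    """Constructed sample: (relative path, size in bytes, mtime as Unix time)."""
    sample = [
        ("recup_dir.1/f0001000.jpg", 10, 1_000),
        ("recup_dir.2/f0002000.docx", 20, 2_000),
        ("recup_dir.10/f0003000.jpg", 30, 3_000),
        ("recup_dir.10/f0004000.txt", 0, 4_000),  # empty file, skipped
        ("notes/f0005000.jpg", 5, 5_000),         # not a recup_dir.N folder, skipped
    ]
    for rel, size, mtime in sample:
        p = Path(dest, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"\0" * size)
        os.utime(p, (mtime, mtime))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_recovery(tmp)
        for ext, files in sorted(index_recovered(tmp).items()):
            print(ext, [os.path.basename(path) for _, _, path in files])
```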

How to protect your computer from Lanset crypto malware?

Most antivirus programs already have built-in protection against ransomware. Therefore, if your PC system does not have an antivirus application, make sure you install one. As extra protection, use HitmanPro.Alert.

Run HitmanPro.Alert to protect your computer from Lanset crypto malware

HitmanPro.Alert is a small security utility. It can check the system integrity and alert you when critical system functions are affected by malware. HitmanPro.Alert can detect, remove, and reverse ransomware effects.

Download HitmanPro Alert on your personal computer by clicking on the following link.

HitmanPro.Alert

Once downloading is done, open the folder in which you saved it. You will see an icon like below.

HitmanPro.Alert file icon

Double click the HitmanPro.Alert desktop icon. When the tool is started, you will be shown a window where you can choose a level of protection, as on the image below.

HitmanPro.Alert install

Now press the Install button to activate the protection.

Finish words

Once you’ve finished the tutorial outlined above, your computer should be clean of Lanset ransomware and other malware, and your personal files will no longer be encrypted by it. Unfortunately, if these few simple steps do not help you, then you have caught a new variant of the crypto virus, and the best way forward is to ask for help here.

 

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.
