NanoLocker Ransomware

NanoLocker Ransomware is an infection that can cause much harm to computers, so users who own PCs with Windows OS on them have to be cautious all the time. Yes, NanoLocker Ransomware primarily infects computers with Windows OS on them; however, people who surf the web on a daily basis and do not have a security tool installed on their computers are at the biggest risk. Unfortunately, hundreds of users do not manage to protect their systems and thus end up with this ransomware infection. The main two symptoms which show that NanoLocker Ransomware has successfully infiltrated your PC is the inability to access a great number of files and a message with red borders and a long text on the screen. The only thing that you can do in order to eliminate the message from the screen is to remove NanoLocker Ransomware fully from your computer. Unfortunately, it will not be easy to implement the NanoLocker Ransomware removal because this infection is far from simple programs that can be uninstalled via Control Panel.

There is no doubt that you will notice immediately that something is wrong after NanoLocker Ransomware slithers onto your computer. First of all, you will see two files added to your desktop without your permission. These are Decryptor.lnk and ATTENTION.RTF. The first file opens lansrv.exe which is located in C:\Users\user\AppData\Local. The second one contains information explaining how to decrypt files. The same text can be found on the message which will cover your desktop. The lansrv.exe file is added to C:\Users\user\AppData\Local not without a reason. It has been observed that this ransomware infection does that in order not to disappear after the PC reboot. In other words, it seeks to launch together with Windows OS. Specialists at pcthreat.com say that it modifies the system registry for this matter too. Research has shown that it adds the LanmanServer Value with the C:\Users\user\AppData\Local\lansrv.exe Value Data to this registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run. Luckily, NanoLocker Ransomware does not block system utilities and programs like other popular ransomware infections.

As you already know, NanoLocker Ransomware blocks files. It primarily touches files with such extensions as .doc, .docx, .xls, .xlsx, .ppt, .pptx, .odt, .jpg, .png, .csv, .sql, .mdb, .sln, .php, .asp, .aspx, .html, .xml, .psd, .java, .jpeg, .pptm, .pptx, .xlsb, .xlsm, .db, .docm, .sql, and.pdf (various documents and pictures mainly). It will not assign any other filename extension to files after the encryption; however, you will understand that they are all encrypted in the blink of an eye because you will not be able to access them. What is more, NanoLocker Ransomware will, undoubtedly, add a message on the screen, so we are 100% sure that this threat is used by cyber criminals for one main thing – to obtain money from users. If you carefully read the message you see (a part of the message can be found below), you will notice immediately that NanoLocker Ransomware asks users to pay a ransom of 0.1 Bitcoin (approximately $43).

Your important files are encrypted: photos, documents, etc.

To get Key to decrypt files you have to pay 0.1 bitcoin (BTC) ~ $43.

Cyber criminals seek to scare users into paying a ransom immediately, so it puts a warning on the message too, for example:

If payment is not made before Sunday, January 17, 2016 the cost of Key will increase 5 times and will be 0.5 BTC.

Users are also warned not to contact the Police or FBI if they do not want all of their files to be deleted permanently. Finally, cyber criminals provide more information about Bitcoins, e.g. how they can be purchased and how to transfer them step by step.

Our specialists are sure that you have not decided to download and install NanoLocker Ransomware consciously because they have noticed that this threat usually slithers onto computers after a user opens an attachment he/she finds in the email letter from the Spam folder. NanoLocker Ransomware might also slither onto your PC if you tend to download programs from third-party web pages. Last but not least, this ransomware infection might have been downloaded by other threats existing on your computer too. We are sure that you do not want to encounter NanoLocker Ransomware ever again, so we suggest that you install a reputable security tool on your system. You should be much more careful on the web from now on too.

NanoLocker Ransomware should be removed from the system immediately if you want to create new files without any fear and simply do not want to see an annoying message on your screen anymore. Instructions that will help you to get rid of NanoLocker Ransomware are provided below. You should follow them step by step. Another way to get rid of NanoLocker Ransomware is to scan your system with an automatic malware remover, such as SpyHunter. In fact, we suggest that you scan your system with an automatic tool after you delete NanoLocker Ransomware manually too because other serious computer infections might be hiding deep on your system. The sooner you detect and erase them, the better.

Delete NanoLocker Ransomware

1. Open the Registry Editor (tap Windows key + R and enter regedit into the box).
2. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and locate the LanmanServer Value.
3. Right-click on it and select Delete.
4. Close the Registry Editor and then open Explorer (Windows key + E).
5. Type C:\Users\user\AppData\Local in the address bar.
6. Find the lansrv.exe file and delete it.
7. Locate the following files on your desktop and remove them:

• Decryptor.lnk
• ATTENTION.RTF