NanoLocker Ransomware Removal Guide

NanoLocker Ransomware is a newly released infection that enters systems with the Windows OS on them mainly. After it sneaks onto the computer, it immediately starts performing its activities, i.e. it blocks the majority of files users store on their computers. NanoLocker Ransomware makes files unusable for one reason – it seeks to extort money from those users who decide that they want their files back. In this sense, NanoLocker Ransomware is very similar to JS.Crypto Ransomware, CryptoJoker Ransomware, and Radamant Ransomware. Have you already encountered NanoLocker Ransomware? If so, you should know that the only thing you can do about that is to completely remove NanoLocker Ransomware from the system. Unfortunately, it will not be easy to do that because NanoLocker Ransomware does not have an uninstall entry in Control Panel. Generally speaking, it cannot be removed like other simple applications. We will focus on the removal of this threat further in this article.

As you already know, NanoLocker Ransomware encrypts all kinds of files immediately after it manages to enter the system. Specialists working at 411-spyware.com have run a few tests and are sure that NanoLocker Ransomware will touch files with such filename extensions as .doc, .docx, .xls, .xlsx, .ppt, .pptx, .odt, .jpg, .png, .csv, .sql, .mdb, .sln, .php, .asp, .aspx, .html, .xml, .psd, .java, .jpeg, .pptm, .pptx, .xlsb, .xlsm, .db, .docm, .sql, and .pdf. These extensions indicate that NanoLocker Ransomware is primarily aimed at various documents and pictures, but, of course, it might encrypt other files too. After the detection and encryption of your files, NanoLocker Ransomware will put a message on the screen with such or a similar text:

NanoLocker 1.29

Your important files are encrypted: photos, documents, etc.

To get Key to decrypt files you have to pay 0.1 bitcoin (BTC) ~$43.

The message not only informs users that their files are encrypted and states the sum that has to be paid (0.1 Bitcoins), but also helps users to buy Bitcoins, tells how to send them step by step, and warns that the use of third-party decryptors or antimalware tools will result in the deletion of all the files. It says that this will happen if a user decides to contact the Police or FBI as well. Unfortunately, there are no guarantees that you will gain access to your files after you make a payment to cyber criminals too, so you should think twice whether you really want to pay them. Do not worry; there is a way to gain access to the encrypted files without paying money. Specialists say that you can easily restore your files from a backup. If you do not have one, there are, unfortunately, no other ways to do that at the time of writing.

Researchers who have tested NanoLocker Ransomware have also observed that this infection will put two files on the desktop: Decryptor.lnk and ATTENTION.RTF. The first file opens lansrv.exe located in C:\Users\user\AppData\Local, whereas the second one contains the same information that can be found in the screen-sized message. As can be seen, NanoLocker Ransomware wants that you know what you have to do next. Moreover, it has been observed that NanoLocker Ransomware will also add the LanmanServer value to be able to start together with Windows. In other words, it will not disappear after you restart your browser. This value can be found by following this path HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.

Thousands of users cannot understand how NanoLocker Ransomware has managed to slither onto their computers. The explanation is, actually, rather simple. It has been found that this ransomware infection is mainly spread through infectious email attachments. Do not open any attachment if you are not sure that it is good and sent by a sender you know. Security specialists also say that this threat might enter your system after you click on a bad link or some kind of ad placed on a suspicious web page. Last but not least, other malicious programs existing on your PC might have downloaded NanoLocker Ransomware on your system as well. You should be very cautious in the future in order not to encounter NanoLocker Ransomware or a similar infection. In addition, it would be really clever to install a security tool on the system and enable it.

NanoLocker Ransomware should be fully removed from the system as soon as possible because it might encrypt new files you create or add on the system. In addition, only the full NanoLocker Ransomware removal will make an annoying warning message disappear from your screen. Below are placed instructions that will help you to get rid of the ransomware infection. As NanoLocker Ransomware is probably not the only threat existing on your PC, scan your system with a reputable antimalware tool (e.g. SpyHunter) after you have finished erasing it. You can upgrade an antimalware tool and leave the NanoLocker Ransomware removal for it too if you do not think that you can get rid of this ransomware infection manually.

Delete NanoLocker Ransomware from my PC

1. Open Explorer (Windows key + E).
2. Enter C:\Users\user\AppData\Local in the address bar.
3. Find the lansrv.exe file, click on it, and delete it.
4. Open the Registry Editor (tap the Windows key + R simultaneously, enter regedit, and click OK).
5. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
6. Find the LanmanServer value with the C:\Users\user\AppData\Local\lansrv.exe value data.
7. Right-click on it and select Delete.
8. Remove these files from the desktop: Decryptor.lnk and ATTENTION.RTF, if they are still there.