EN
DE
Unmasking New Ran: A Vicious Ransomware Menace
First introduced to the cyber world in October 2021, New Ran is a pernicious ransomware variant that began a reign of terror within the tech-savvy community. New Ran ransomware poses an imposing threat due to its ability to encrypt the victim’s files and demand a hefty ransom for their recovery. The ransomware was notably used in attacks on Authorize.net and the popular Kaseya VSA platform, with the attackers demanding massive payoffs in each instance.
Information on “New Ran Ransomware”
| Ransomware Name(s) | New Ran |
|---|---|
| First Detection/Reported | October 2021 |
| Affects OS | Windows |
| File Extension | .lalo |
| Ransom Note Name | Readme.lalo.txt |
Additional Information
- New Ran is dubbed so because it evolves from the notorious Ranzy Locker and ThunderX ransomware families.
- New Ran primarily targets businesses and organizations rather than individual personal systems.
- The threat actors behind New Ran release the decryption keys to the public if their demands are not met within a given deadline.
- The ransomware operators engage with the victims via an email address provided in the ransom note.
- Similarly to most ransomware operators, New Ran operators tend to double-dip by not only encrypting the data but also exfiltrating it for potential information selling or threat of publishing online.
If your organization falls victim to the New Ran ransomware or any other such malicious software, immediate action is crucial. Our ransomware decryption service specializes in helping businesses recover their data and restore operations with minimal downtime. Trust in our expertise to navigate through the complexities of ransomware recovery.
Related posts
The Emergence of the Crimson Collective Ransomware
Crimson Collective is a newly identified ransomware-related cyber threat group that surfaced around September 2025. While often associated with ransomware-style extortion, the group primarily focuses on large-scale data exfiltration and leverage-based attacks rather than traditional file encryption. Their operations have drawn significant attention following claims of a major breach involving Red Hat, where they allegedly […]
19.03.2026
The Emergence of the Insomnia Ransomware
Insomnia is a newly identified cyber threat operation that surfaced around October 2025, initially appearing as a ransomware-related threat actor, but quickly distinguishing itself through a fundamentally different approach. Unlike traditional ransomware groups, Insomnia does not rely on file encryption or the use of a ransomware file extension. Instead, it focuses exclusively on large-scale data exfiltration and […]
19.03.2026
The Emergence of the Tengu Ransomware
Tengu is a modern ransomware variant that surfaced around October 2025 and has quickly established itself as an active cyber threat across multiple regions. Operating as a Ransomware-as-a-Service (RaaS) model, Tengu enables affiliates to carry out attacks using shared infrastructure and tooling. Once deployed, the malware encrypts victim data and appends the ransomware file extension “.tengu” to affected files, […]
19.03.2026
News Week: March 9th to March 15th, 2026
ClickFix Variant Abuses Windows Terminal to Bypass Security Controls A newly observed ClickFix variant demonstrates how attackers continue refining social engineering techniques to evade detection and increase success rates. Instead of using the traditional Run dialog, victims are instructed to launch Windows Terminal, creating a more trusted environment for executing malicious commands. Once executed, the […]
16.03.2026You are currently viewing a placeholder content from Wistia. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.
More Information