
BigEyes Ransomware

Posted: January 17, 2018

Threat Metric

Threat Level: 5/10
Infected PCs: 90
First Seen: June 16, 2023
OS(es) Affected: Windows

The BigEyes Ransomware, also known as the Lime Ransomware, is a file-locking Trojan that can block access to documents, pictures and other non-essential media. Symptoms that malware experts identify include changed extensions on file names, an altered desktop background, and pop-up windows that demand a ransom. Victims should always test all non-ransom-based data recovery options first and have an appropriate security program uninstall the BigEyes Ransomware to prevent further attacks.

Trojans with Big Eyes on Your File Data

Not every file-locking Trojan in the wild is a byproduct of an older one, like the many threats derived from the Hidden Tear, Globe Ransomware and Jigsaw Ransomware families. Relatively independent ones, such as the BigEyes Ransomware, also can block data with simple encryption ciphers. Nothing verifiable is yet known about how it spreads, although malware experts note that its threat actors use ransom terminology mostly consistent with low-level attacks against recreational systems rather than business-sector servers.

The BigEyes Ransomware attacks with the ever-popular AES cipher, which converts your files into encoded versions that no longer open. Every file it locks this way, which can include documents, archives, spreadsheets, movies, audio or images, also gains a '.Lime' extension (for example, 'dog.bmp.Lime'). The file-locking portion of the Trojan ('Crypt.exe') is, however, only one of three components.
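The appended '.Lime' marker described above is the one file-system indicator a responder can act on before any decryption is possible. The script below is an added triage example, not code from the article or from the Trojan: it walks a directory tree, lists every file carrying the marker, recovers the original name and type by stripping the suffix, and tallies the locked files by original extension so a restore from backup can be prioritised. It assumes the suffix is always appended after the original extension, as the 'dog.bmp.Lime' example shows, and (as an assumption beyond the article) matches the marker case-insensitively; the sample directory it builds is constructed data.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicator from the article: locked files get '.Lime' appended
# after the original extension, e.g. 'dog.bmp.Lime'.
LIME_SUFFIX = ".Lime"


def inventory_lime_files(root):
    """Walk `root` and return (locked_path, original_name, original_ext)
    for every file that carries the '.Lime' marker extension."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            # Assumption: match case-insensitively so 'photo.jpg.lime' is not missed.
            if name.lower().endswith(LIME_SUFFIX.lower()):
                original = name[:-len(LIME_SUFFIX)]
                ext = Path(original).suffix.lower() or "(none)"
                hits.append((os.path.join(dirpath, name), original, ext))
    return hits


def summarize_by_type(hits):
    """Count locked files per original extension to prioritise restore-from-backup."""
    return Counter(ext for _path, _original, ext in hits)


def build_sample_tree(root):
    """Constructed sample data: a mix of locked and untouched files."""
    samples = ["dog.bmp.Lime", "report.docx.Lime", "notes.txt",
               "archive.zip.Lime", "sub/photo.jpg.lime", "sub/readme.Lime"]
    for rel in samples:
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"\x00")  # placeholder content, not real ciphertext
    return samples


def run_demo():
    """Build the constructed tree in a temp dir and return (hits, counts)."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        hits = inventory_lime_files(tmp)
        return hits, summarize_by_type(hits)


if __name__ == "__main__":
    found, counts = run_demo()
    for path, original, ext in sorted(found):
        print(f"{path} -> original {original!r} ({ext})")
    print(dict(counts))
```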

The BigEyes Ransomware also replaces the desktop background with a simple image stating the threat actor's demand of one hundred USD in Bitcoins for file recovery. The file-locking component also creates a duplicate of these instructions in an HTA pop-up, which adds a thirty-day deadline after which your media is, in theory, unrecoverable.

The BigEyes Ransomware's final element is a separate decryption program, although malware experts discourage paying for it until you have tried every other strategy for unlocking your files.

Don't Close Your Eyes to File-Locking Problems

The BigEyes Ransomware's authors show few signs of significant experience or funding for their Trojan's campaign, which uses a free e-mail address that, most likely, has already been terminated by this article's publication date. Malware experts have so far been unable to confirm any feature in the BigEyes Ransomware's payload that triggers after the thirty-day limit elapses, but its authors may plan to delete each decryption code manually. Recovering your files may depend on a pre-existing, secure backup or on help from members of the anti-malware community with encryption reverse-engineering experience.

Although malware experts find no skeletal or incomplete features in the BigEyes Ransomware's payload, the Trojan's distribution strategy is unknown. Tactics that file-locker Trojans use with particular frequency include attaching their installers to e-mail messages and abusing Remote Desktop Protocol vulnerabilities. At this time, nearly half of the well-established anti-malware brands detect and remove the BigEyes Ransomware accurately, and users can improve those odds by updating their security software when prompted.

Since it offers little that is new, the BigEyes Ransomware is less a new archetype than a reinforcement of old ones among file-locking Trojans. But a threat actor doesn't necessarily need to be creative, as long as the average user keeps falling for the same old tricks.
