Get the 411 on Spyware
Lime Ransomware Removal Guide
So, your operating system was invaded by Lime Ransomware, what’s next? If you discover this threat right when it slithers in – which is highly unlikely – you might be able to remove it before anything bad happens. Unfortunately, most discover this threat only after it encrypts their files. This devious threat goes after your personal videos, photos, music files, and documents that are stored in the %USERPROFILE% directory. If you do not delete Lime Ransomware in time, it successfully encrypts files, and there is no turning back after that. At the time of research, third-party tools that could decrypt files corrupted by this malware did not exist. Manual decryption was not possible either. The solution offered by the creator of the ransomware, of course, was bogus. So, does that mean that your files are irreversibly damaged? Most likely, they are, but that does not mean that there is nothing you need to do. Whether or not your personal files are lost, you must focus on the elimination of malware.
There are plenty of ransomware infections out there, and Lime Ransomware – also known as BigEyes Ransomware – is just a drop in the ocean. Some of the most recent threats discovered by our research team include Krypton Ransomware, MoneroPay Ransomware, and Rapid Ransomware. Although not in all cases, many of these infections are distributed using misleading spam emails. The messages within these emails are meant to trick the potential victims into opening files attached to them. According to our research, the spam emails distributing Lime Ransomware are likely to conceal the launcher of this threat as a DOC or PDF file. When the file is opened, the user is unlikely to realize what is going on. They are unlikely to realize what is going on when the devious infection starts encrypting files because this process is silent. Besides encrypting files, the ransomware also creates a point of execution in the Registry (HKCU\Software\Microsoft\Windows\CurrentVersion\Run), as well as two ransom note files. All of these components must be deleted when you start the removal process.
It is most likely that you will discover the ransom demands before you find the “.lime” extension attached to the names of the corrupted files. Lime Ransomware is likely to use “#BackGround.png” to represent the demands via the Desktop background image. This image file has text on it, and it states that your files can be recovered only if you pay a ransom of 100 USD and then communicate with cyber crooks via r3vo@protonmail.com. You are asked to send the payment transaction number. The second file created by Lime Ransomware is called “#Decryptor.exe.” This one launches a window. The same ransom sum and email address are represented via the message within this window. It also provides victims with steps on how to make the payment. This window also includes an area in which you allegedly need to apply the decryption key. If you believe that this key would be given to you if you paid the ransom, you are wrong. Cyber criminals will not help you decrypt your files, and instead of focusing on how to pay the ransom, you should focus on the removal of malware.
Can you follow the steps below? If you are confident that you can, you might be able to remove Lime Ransomware manually. But what if you cannot eliminate this malicious infection on your own? In this case, it is strongly advised that you employ a legitimate and trusted anti-malware program. Remember that many security tools and malware removers available online are bogus and are set up by schemers only to take your money. You need to be selective when it comes to choosing the right tool. If you install the right one, of course, you will not need to delete any threats on your own, and you will not need to worry about malware in the future either. Although anti-malware software should protect you, there is one more thing you can do to ensure that your files are not harmed in the future. You can back them up! If you have any questions about Lime Ransomware, the removal, or Windows security, add them to the comments section for our malware research team.
How to delete Lime Ransomware
- Delete all recently downloaded suspicious files.
- Delete the #BackGround.png and #Decryptor.exe files found on the Desktop.
- Launch RUN by tapping Win+R and then enter regedit.exe into the dialog box.
- In Registry Editor move to HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
- Delete the value named #Decryptor (check the value data to see if you have eliminated the file too).
- Once you Empty Recycle Bin, immediately perform a full system scan using a reliable malware scanner.
