BigEyes Ransomware
Posted: January 17, 2018
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 5/10 |
|---|---|
| Infected PCs: | 90 |
| First Seen: | June 16, 2023 |
|---|---|
| OS(es) Affected: | Windows |
The BigEyes Ransomware or the Lime Ransomware is a file-locking Trojan that can keep you from being able to access documents, pictures, and other, non-essential media. Symptoms that malware experts identify include changes to the extensions on the names of your files, alterations to the desktop's background, and pop-up interfaces that ask for ransoms. Victims always should test all non-ransom-based data retrieval options first, and have an appropriate security program uninstall the BigEyes Ransomware to prevent other attacks.
Trojans with Big Eyes on Your File Data
Not every single file-locking Trojan out in the wild is a byproduct of an older one, like the proliferation of threats from the Hidden Tear, the Globe Ransomware and the Jigsaw Ransomware families. Relatively independent ones also can leverage attacks that block data with simple encryption ciphers, such as the BigEyes Ransomware. No word is, yet, verifiable on how it spreads, although malware experts are noting that its threat actors use ransoming terminology mostly consistent with low-level attacks against recreational systems instead of business sector servers.
The BigEyes Ransomware conducts attacks using the ever-popular cryptography option of an AES cipher, which can convert your files to non-opening, encoded equivalents. Every file that it locks in this fashion, which can include documents, archives, spreadsheets, movies, audio, or images, also has the addition of a '.Lime' extension (for example, 'dog.bmp.Lime'). However, the file-locking portion of this Trojan ('Crypt.exe') is one of a total of three components.
The BigEyes Ransomware also resets the background to a simple image stating the threat actor's demand of one hundred USD in Bitcoins for any file recovery. The file-locking component also creates a duplicate of these instructions within an HTA pop-up, which has the addition of a thirty-day limit before your media is, in theory, unrecoverable.
The BigEyes Ransomware's final element is its separate decryption program, although malware experts discourage paying for it until you test every other strategy for unlocking your files.
Don't Close Your Eyes to File-Locking Problems
The BigEyes Ransomware's authors possess few indicators of having significant experience or funding for their Trojan's campaign, which is using a free e-mail address that, most likely, is already terminated at this article's publication date. Malware experts have, thus far, been unable to confirm any features in the BigEyes Ransomware's payload that would trigger after the elapse of the thirty-day limit, but its authors may be planning on deleting each decryption code manually. Saving your files can be dependent on the previous existence of a secure backup or the help of members of the anti-malware community with encryption reverse-engineering experience.
Although malware experts find no skeletal or incomplete features inside of the BigEyes Ransomware's payload, the Trojan's distribution strategies are unknown. Exploits that file-locker Trojans use with particular frequency include attaching their installers to e-mail messages or abusing Remote Desktop Protocol vulnerabilities. At this time, nearly half of the well-established brands of anti-malware products are eliminating the BigEyes Ransomware accurately, and users should increase that chance by updating their security software when they're prompted.
Since it has little that's new to offer, the BigEyes Ransomware is less of a new archetype than it is a reinforcement of old ones among file-locking Trojans. But a threat actor doesn't need to be creative necessarily, as long as the average user continues falling for the same, old tricks.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.