
LIGMA Ransomware

Posted: September 12, 2018

The LIGMA Ransomware is a file-locking Trojan that encrypts various formats of media on your computer, creates warning messages, and damages the Windows operating system. Because its corruption of Windows components may not be recoverable without losing other files, users should maintain a backup schedule that keeps this threat's harm to a minimum. Dedicated anti-malware programs can remove the LIGMA Ransomware on sight; note that different threat actors may distribute it through different techniques.

The Trojan that Robs a House Before Setting It Aflame

File-locker Trojans, while efficient at encoding data so that it can't be accessed, rarely attempt attacks with a greater scope than erasing backups and encrypting data such as documents. However, the free code-hosting service GitHub is now the source of a new kind of file-locker Trojan: the LIGMA Ransomware. Instead of contenting itself with holding your media hostage, the LIGMA Ransomware damages Windows, too.

The LIGMA Ransomware is a .NET Framework 4.7.1 program that, unlike most file-locker Trojans, doesn't include a decryption component. The free version of the LIGMA Ransomware also warns users when they try to run it, although any threat actors deploying the LIGMA Ransomware in a live campaign will almost certainly remove this safety feature. If the user disregards the warning, the rest of the LIGMA Ransomware's payload runs. Early investigation by malware researchers confirms the following default functions:

  • The LIGMA Ransomware uses a secure hash standard version of the AES-256 algorithm for locking the files on your computer. Usually, criminals will sell a decryption solution of some kind for unlocking the victim's media, but the LIGMA Ransomware's GitHub version doesn't include a ransom message.
  • Some Windows features are made unavailable, including security-oriented ones like the UAC and the Registry Editor.
  • The LIGMA Ransomware also may create symptoms related to interfering with the user's input or experience, such as playing sound effects or moving the cursor. These functions have no evident purpose beyond annoying the victim.
  • The LIGMA Ransomware can hide the Windows UI elements like the menu and the Control Panel entries.
  • Most critically, the LIGMA Ransomware corrupts the partition table and the MBR, which causes Windows to crash and become non-functional.
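
The MBR and partition-table corruption in the last item is what turns this from a file-locker into a boot-breaking attack. As an added example (not code from the LIGMA Ransomware project or from the original article), the following Python script parses a 512-byte MBR sector and reports the structural damage a responder would check for before attempting repair from recovery media: a missing 0x55AA boot signature, a zeroed partition table, or entries with impossible values. All function names and the sample sectors are the editor's own constructions.

```python
import struct
from typing import List, NamedTuple

PART_TABLE_OFFSET = 446       # four 16-byte partition entries occupy bytes 446..509
BOOT_SIGNATURE = b"\x55\xAA"  # bytes 510..511 of an intact MBR
ENTRY_FMT = "<B3sB3sII"       # status, CHS start, type, CHS end, LBA start, sector count

class PartitionEntry(NamedTuple):
    status: int     # 0x80 = bootable, 0x00 = inactive
    type_id: int    # 0x07 = NTFS/exFAT, 0x00 = unused slot
    lba_start: int  # first sector of the partition
    sectors: int    # length in sectors

def parse_mbr(sector: bytes) -> List[PartitionEntry]:
    """Parse the four partition entries from the first 512 bytes; raise ValueError if the boot signature is absent."""
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("boot signature 0x55AA missing: MBR overwritten or zeroed")
    entries = []
    for i in range(4):
        status, _, type_id, _, lba, count = struct.unpack_from(ENTRY_FMT, sector, PART_TABLE_OFFSET + 16 * i)
        entries.append(PartitionEntry(status, type_id, lba, count))
    return entries

def check_mbr(sector: bytes) -> List[str]:
    """Return findings as strings; an empty list means the MBR looks structurally intact."""
    try:
        entries = parse_mbr(sector)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    if all(e.type_id == 0 for e in entries):
        findings.append("partition table is empty: all four entries have type 0x00")
    elif not any(e.status == 0x80 for e in entries):
        findings.append("no partition is flagged bootable (status 0x80)")
    for i, e in enumerate(entries):
        if e.status not in (0x00, 0x80):
            findings.append(f"entry {i}: invalid status byte 0x{e.status:02x}")
        if e.type_id and (e.lba_start == 0 or e.sectors == 0):
            findings.append(f"entry {i}: type 0x{e.type_id:02x} but zero start or length")
    return findings

def build_mbr(entries: List[PartitionEntry]) -> bytes:
    """Assemble a constructed 512-byte MBR (zeroed boot code and CHS fields) for testing."""
    table = b"".join(struct.pack(ENTRY_FMT, e.status, bytes(3), e.type_id, bytes(3),
                                 e.lba_start, e.sectors) for e in entries).ljust(64, b"\0")
    return bytes(PART_TABLE_OFFSET) + table + BOOT_SIGNATURE
# Constructed samples: a healthy single-NTFS-partition disk and two damaged variants.
HEALTHY_MBR = build_mbr([PartitionEntry(0x80, 0x07, 2048, 204800)])
ZEROED_TABLE_MBR = bytes(510) + BOOT_SIGNATURE  # signature intact, partition table wiped
NO_SIGNATURE_MBR = bytes(512)                    # whole sector overwritten
```

On a real system the sector would come from reading the first 512 bytes of the physical disk with a forensic imaging tool; the check only reports structure and cannot recover the original table.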

Staving Off a Joking Trojan with a Terrible Punchline

Although the LIGMA Ransomware is one of several threats capitalizing on memes for its infamy, like the Desu Ransomware, the Keep Calm Ransomware, or many versions of the Hidden Tear and Jigsaw Ransomware families, it is potentially more destructive than any of them. Recovery USBs, DVDs, and CDs are highly useful for restoring a usable MBR for Windows, and niche software can help with restoring the partition table. Without such repairs, the operating system will show nothing more than the infamous 'Blue Screen of Death' and the LIGMA Ransomware's warning messages.

The LIGMA Ransomware is free to any criminals with an interest in abusing it, although its lack of a decryption component and its system-damaging features make it less practical for threat actors than Hidden Tear's toned-down equivalent payload. Regarding defenses for the average user, malware experts advise scanning downloads with AV software, avoiding piracy-related media, using secure login credentials, and reading e-mails carefully for telltale signs of a hoax. Anti-malware programs should cleanly remove the LIGMA Ransomware in most circumstances, but file decryption and repair of the Windows partition table or MBR are outside the purview of these security products.

Why the author chose to make the LIGMA Ransomware so destructive is anyone's guess. Although its attacks undercut the ransom motive that is the reason most file-locking Trojans exist, that contradiction does nothing to help the victim.
