
Lime Ransomware

Posted: April 5, 2019

Ransomware operators usually rely on various propagation methods to spread their threatening file-lockers: spam emails, fake downloads, fake hacking tools, pirated media, etc. However, the authors of the Lime Ransomware have adopted a different approach that we rarely see being used by ransomware operators: they rely on a recent version of the infamous NJRat Remote Access Trojan (RAT) to drop the Lime Ransomware on the computers it infects. According to the forum post advertising the ‘NJRat 0.7.9 Lime Edition’, the tool contains all of the Trojan’s features and can also drop a copy of the Lime Ransomware, which will encrypt a big portion of the victim’s files. Another name that could be used for the Lime Ransomware is the BigEyes Ransomware.

Since the Lime Ransomware is offered in a package with the NJRat, it is possible that cybercriminals from all over the world may take advantage of its features. So far, there are two confirmed cases where the Lime Ransomware has infected a computer.

The first case is from January 2019 and drops the ransom message ‘Ransomware.txt’ to provide the victim with instructions. However, it appears to be poorly configured: the ransom note does not contain a contact email or a Bitcoin wallet address to send money to, so it would be impossible for the victim to get in touch with the perpetrator. It uses the ‘.Lime’ extension to mark the locked files.

The second variant first appeared in February 2019, and it once again uses the ‘.Lime’ extension to mark the names of the files it locks. However, it drops the ransom message ‘READ-ME-NOW.txt’, which contains a ransom note, email address, Bitcoin address, and a list of the locked files. Because it includes a list of the locked files, the ransom note may often be a few megabytes in size, which is not typical for text files.
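The file-system indicators from the two cases above can be checked with a read-only triage pass; the following is an added example, not part of the original post. The function names, the 1 MiB size threshold (the post only says "a few megabytes") and the sample file names are assumptions constructed for illustration.

```python
import os
import tempfile

# Indicators taken from the two cases described above (matched case-insensitively).
LOCKED_EXT = ".lime"
NOTES = {"ransomware.txt": "January 2019 variant",
         "read-me-now.txt": "February 2019 variant"}
# Assumption: illustrative threshold for an unusually large text note.
LARGE_NOTE_BYTES = 1024 * 1024


def triage(root):
    """Walk root and report Lime indicators without modifying any file."""
    report = {"locked": [], "notes": [], "variants": set(), "large_notes": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(LOCKED_EXT):
                report["locked"].append(path)
            elif lower in NOTES:
                report["notes"].append(path)
                report["variants"].add(NOTES[lower])
                try:
                    if os.path.getsize(path) >= LARGE_NOTE_BYTES:
                        report["large_notes"].append(path)
                except OSError:
                    pass  # file vanished or unreadable; keep scanning
    # A generic name such as Ransomware.txt is weak evidence on its own,
    # so a likely hit requires locked files alongside a ransom note.
    report["likely_lime"] = bool(report["locked"] and report["notes"])
    return report


def build_sample(root):
    """Constructed sample tree, for demonstration only."""
    os.makedirs(os.path.join(root, "docs"))
    for name in ("budget.xlsx.Lime", "photo.jpg.Lime", "notes.txt"):
        with open(os.path.join(root, "docs", name), "wb") as f:
            f.write(b"x")
    with open(os.path.join(root, "READ-ME-NOW.txt"), "wb") as f:
        f.write(b"A" * (2 * 1024 * 1024))  # constructed 2 MiB note


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        result = triage(tmp)
        print(result["likely_lime"], sorted(result["variants"]), len(result["locked"]))
```

A hit from this scan only covers the file-locker's traces; it says nothing about whether the NJRat that dropped it is still present.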

Thankfully, the Lime Ransomware appears to be decryptable, and its victims should not even think about trying to cooperate with the criminals who took their files hostage. Remember that before you use any decryptors, you should make sure to eliminate the Lime Ransomware and the NJRat by using an up-to-date anti-malware tool. When you complete this step, you can search for free Lime decryption options online.
