BigEyes Ransomware Removal Guide

Do you know what BigEyes Ransomware is?

If you have recently lost access to your files and now have to deal with a pop-up ransom warning named #LimeDecryptor, you are actually dealing with the BigEyes ransomware. The BigEyes ransomware should be removed once it is noticed on the computer, and the system should be shielded from malware so that no unauthorized actions are carried out on your computer.

The BigEyes ransomware was spotted in January 2018 and is known to be spread by email and through unsafe RDP configurations. As regards emails, or rather spam, the BigEyes threat gets on the computer disguised as a .pdf or .doc file. Whenever you receive an email containing a file attachment or a link to some document, you should make sure that the file you are asked to download or access is safe to use. It is essential to pay attention to the sender. Malware creators use phishing emails to deceive unsuspecting computer users, and if you find anything questionable, do not hesitate to reach out to the sender.

As for preventative measures, not only should you ignore spam and phishing emails, you should also use strong RDP passwords, avoid freeware-sharing websites, and keep the system updated. On top of that, you should make backups of your valuable data to storage devices and keep the operating system protected.

Once the BigEyes ransomware is launched, it encrypts files in several directories, including the data stored on the desktop and in the Video, Documents, and Pictures folders. Each encrypted file is marked by appending the extension .lime, without affecting the original file name. Additionally, the infection creates two files containing information about the encryption and the user's further actions. The two files, #Background.png and #Decryptor.exe, are created on the desktop. The .png file changes the wallpaper of the desktop, whereas the .exe file launches a notification that looks like a program window and can be closed like any regular window by clicking the X button in the corner.

According to the information displayed by the BigEyes ransomware, all the files on the computer are encrypted, and the only way to restore them is by paying a ransom fee of $100 in Bitcoin. The Bitcoin currency has become the currency of ransomware creators because money transactions are made anonymously and are barely traceable. After making a payment, the victim is supposed to contact the attackers at the email r3vo@protonmail.com. People behind ransomware have already earned significant revenues over the last few years just because a lot of people and businesses expected to get their encrypted data restored. To ease the money submission, the BigEyes ransomware provides instructions on how to purchase the currency and pay the money for decryption. We strongly advise you against paying up because the attackers are not likely to decrypt your files. Once you send the ransom money to the digital wallet address 1PNh6dmaUtv96C7ezTdUqVvfWBUYuCBbUM, you lose your money for good without any guarantee to regain your data. All that you should focus on once you find that your computer is infected with ransomware is removal, and we encourage you to remove the BigEyes ransomware right now.

The manual removal of the BigEyes ransomware does not take long if you know how to navigate the Windows Registry, in which the infection creates its point of execution. Below you will find a removal guide that will help you terminate the infection, but if you want to have it all done for you, simply implement a reputable security application. You cannot know when you will be attacked by a trojan horse, browser hijacker or another ransomware threat, so do not hesitate to implement a reputable application that is capable of terminating all kinds of infections.

How to remove BigEyes Ransomware

  1. Delete the files #BackGround.png and #Decryptor.exe located on the desktop.
  2. Remove questionable recently downloaded files saved to the Downloads folder or any other directory.
  3. Press the keys Win and R simultaneously and type in regedit.
  4. Click OK.
  5. Follow the path HKCU\Software\Microsoft\Windows\CurrentVersion\Run and delete the value named #Decryptor.
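
The artifacts named in the steps above can be checked before and after cleanup. The following PowerShell script is an added example, not part of the original guide; it only reads the registry value and the file system, and it assumes the current user's default Desktop, Documents, Pictures and Videos folder locations.

```powershell
# Added example: read-only check for the BigEyes artifacts named in this guide.
# Nothing is deleted or modified; the script only reports what it finds.

$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$valueName = '#Decryptor'                         # Run value from step 5
$markers   = '#BackGround.png', '#Decryptor.exe'  # desktop files from step 1
$desktop   = [Environment]::GetFolderPath('Desktop')

# 1. Autorun entry: show the command the Run value would start at logon.
$run = Get-ItemProperty -LiteralPath $runKey -Name $valueName -ErrorAction SilentlyContinue
if ($run) {
    'Run value {0} present, data: {1}' -f $valueName, $run.$valueName
} else {
    'Run value {0} not found' -f $valueName
}

# 2. Dropped files on the desktop, with a hash for submitting to a scanner.
foreach ($name in $markers) {
    $path = Join-Path -Path $desktop -ChildPath $name
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        'Found {0} (SHA256 {1})' -f $path, $hash
    } else {
        'Not found: {0}' -f $path
    }
}

# 3. Files carrying the added .lime extension in the folders the guide lists.
#    Assumption: the default known-folder locations for the current user.
$folders = 'Desktop', 'MyDocuments', 'MyPictures', 'MyVideos' |
    ForEach-Object { [Environment]::GetFolderPath($_) } |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

foreach ($folder in $folders) {
    $hits = @(Get-ChildItem -LiteralPath $folder -Recurse -File -Filter '*.lime' -ErrorAction SilentlyContinue)
    '{0}: {1} file(s) ending in .lime' -f $folder, $hits.Count
}
```

After the manual steps, the Run value and both desktop files should be reported as not found. The .lime count does not change, because removing the ransomware does not decrypt the files.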

In non-techie terms:

The BigEyes ransomware is a malicious infection that infects computers via spam and unprotected RDP services. Once on the computer, the BigEyes threat encrypts files and displays a ransom warning in which the victim is required to pay a ransom fee. Paying up is highly inadvisable, and, instead of wasting your money, you should take action to remove the ransomware and prevent similar incidents.