Lime Ransomware Removal Guide

Do you know what Lime Ransomware is?

If you are introduced to a strange message demanding a payment, and your personal files have the “.lime” extension attached to them, Lime Ransomware must have invaded your operating system. This threat is also known by the name “BigEyes Ransomware,” and this name derives from the original file name that our research team has found the creator of this infection to use. At the time of research, this devious infection was spread using spam emails, in which it was represented as a PDF or DOC file attachment. If you are tricked into opening this file – and a highly misleading message is created to push you into doing that – the encryption process is initiated right away. Without a doubt, you must remove Lime Ransomware from your operating system as soon as possible, but, unfortunately, you cannot recover your files by doing that. In fact, at the moment, nothing can be done to decrypt files. Keep reading to learn more about the threat and how to delete it.

The malicious Lime Ransomware is set to encrypt files in the %USERPROFILE% directory. More specifically, it is meant to encrypt files in Desktop, Documents, Music, Pictures, and Videos folders. It is very important that you look at the files that were corrupted because their original names are not changed, and you can easily identify them. Hopefully, your assessment reveals that you have backups stored online or on external devices, in which case, you must delete Lime Ransomware immediately. If backups do not exist, there is no way for you to recover your files. The creator of the ransomware can use your desperation to trick you into paying a ransom, which is represented using two different ransom notes. These notes are represented via files named “#BackGround.png” and “#Decryptor.exe,” bot of which should be found on the Desktop. The PNG file might replace your Desktop wallpaper, in which case, you will see it right away. According to the message shown via this file, you must send $100 worth of Bitcoin and then email r3vo@protonmail.com to confirm the transaction. Instead of paying attention to the message, you should remove the file right away.

The second ransom note is represented via the “#Decryptor.exe” file. When it is launched, a window is displayed on your screen. The message is more extensive, and it includes the Bitcoin Address (1PNh6dmaUtv96C7ezTdUqVvfWBUYuCBbUM) that the creator of Lime Ransomware has set up to accept payments. According to this message, you have 30 days to make the payment, and it is stated that the encrypted files would be deleted after that. That is unlikely to be the case, but, of course, you do not want malware on your system for that long. Although the ransom note suggests that after you pay the ransom, you would get a “key” that would ensure the decryption of files, you should not expect that to happen. Everything that the ransom notes of Lime Ransomware inform you about is only meant to make you pay the ransom quicker. Ultimately, if you pay the ransom, you are not going to get anything in return, and that is why you should not waste your money.

Some Windows users will be able to delete Lime Ransomware manually using the instructions below. In order to achieve success, you need to eliminate the malicious launcher file, the POE in the Windows Registry, and, of course, the ransom note files. There are not many steps, but they can be complicated for someone less experienced. If you feel like you cannot successfully remove Lime Ransomware yourself, do not postpone the installation of anti-malware software that would successfully eliminate this threat automatically. This is what our research team recommends everyone do because anti-malware software can also eliminate undetected threats, as well as protect your system hereafter.

Remove Lime Ransomware

  1. Tap keys Win+R to launch RUN.
  2. Type regedit.exe and click OK to access Registry Editor.
  3. Navigate to HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
  4. Find the value named #Decryptor and copy the location of the malicious file linked to this value.
  5. Delete the value and then exit Registry Editor.
  6. Tap keys Win+E to launch Explorer.
  7. Paste the location of the malicious file into the bar at the top and tap Enter.
  8. Delete the malicious file.
  9. Delete any other recently downloaded suspicious files.
  10. Go to the Desktop and Delete the ransom note files named #BackGround.png and #Decryptor.exe.
  11. Empty Recycle Bin to get rid of these components completely.
  12. Install a legitimate malware scanner to examine your system for any malicious leftovers.

In non-techie terms:

You need to delete Lime Ransomware from your operating system as soon as possible. If some of the encrypted files have backup copies, you will be able to recover them after you erase this threat, but if that is not the case, your personal files are lost. Do not be tricked into paying the ransom because that will not help you recover your files. That will only ensure that your pockets are emptied. If you are more experienced, and if you do not want to protect your operating system against other threats, the guide above could be useful. If you are not experienced enough to deal with ransomware on your own, and if you do care about your virtual security, install trusted anti-malware software ASAP.