
BigEyes Ransomware

By GoldSparrow in Ransomware

The BigEyes Ransomware is an encryption ransomware Trojan. Threats of this kind encrypt the victim's files with a strong encryption algorithm, making them unusable, and then demand a ransom payment in exchange for the decryption key needed to restore the affected files. The BigEyes Ransomware was first observed on January 15, 2018. Infections like this one are among the reasons computer users need to protect their data by keeping file backups on the cloud and running a security program that is fully up-to-date.

The Big, Bad Eyes that will Mess Up Your Files

The BigEyes Ransomware may be delivered to victims as a PDF or DOCX file attached to spam email messages. It also may be distributed as a fake version of commonly used software. The BigEyes Ransomware runs as an executable file named 'BigEyes.exe' on the infected computer. It has several variants, which may include the Fsociety Ransomware and the LimeDecryptor Ransomware. The BigEyes Ransomware uses a strong encryption algorithm to make the victim's files inaccessible, targeting a wide variety of user-generated files, which may include photos, music, videos, text, and numerous other document types. These threats leave the Windows system files alone, since they need the victim's operating system to remain functional so that the victim can read the ransom note and carry out payment. The file types that the BigEyes Ransomware may affect during its encryption process include:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The files encrypted by the attack will no longer be recognized by Windows Explorer and will show up as blank icons. The BigEyes Ransomware will add the file extension '.Lime' to each compromised file.

The Ransom Demand of the BigEyes Ransomware

After encrypting the victim's files, the BigEyes Ransomware will drop two files named '#BackGround.png' and '#Decryptor.exe' on the infected computer's desktop. The first of these files changes the infected computer's desktop image, while the second loads a program window. Both of them contain the BigEyes Ransomware's ransom note, a message telling the victim to pay a ransom of 100 USD in Bitcoin, with a contact email address on the Dark Web and a Bitcoin wallet where the victim can carry out the payment. It is clear that the BigEyes Ransomware is a fully implemented threat that includes the payment method and an effective encryption routine, while many ransomware Trojans are released in incomplete versions that make it impossible to carry out a payment. The full text of the BigEyes Ransomware ransom note reads:

'All your files have been encrypted
But You can still recover your files
Just send us 100$ Bitcoin, And we will give you your files back
After you pay us, send us email r3vo@protonmail.com
include your transaction number
This is Ransomware, It's not a joke
Thanks
Bye'

Ransom payments should always be avoided. The affected files should be restored from a backup copy after the BigEyes Ransomware infection itself has been removed completely.
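To scope a restore, the file-system indicators named in this article ('BigEyes.exe', '#BackGround.png', '#Decryptor.exe' and the '.Lime' extension) can be swept for across a user profile or file share. The script below is an added example, not part of the original article; its function names are hypothetical, the sample tree is constructed, and it assumes '.Lime' is appended to the full original file name.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the article text above (compared case-insensitively).
ENCRYPTED_SUFFIX = ".lime"
DROPPED_NAMES = {"bigeyes.exe", "#background.png", "#decryptor.exe"}


def scan_tree(root):
    """Walk root; return (encrypted_paths, dropped_paths, per_directory_counts)."""
    encrypted, dropped, per_dir = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            full = os.path.join(dirpath, name)
            if lower in DROPPED_NAMES:
                dropped.append(full)
            elif lower.endswith(ENCRYPTED_SUFFIX):
                encrypted.append(full)
                per_dir[dirpath] += 1
    return sorted(encrypted), sorted(dropped), per_dir


def restore_candidates(encrypted):
    """Map each encrypted path to the original path to pull from backup.

    Assumption: '.Lime' is appended (report.docx -> report.docx.Lime);
    the article only says the extension is 'added'.
    """
    return {p: p[: -len(ENCRYPTED_SUFFIX)] for p in encrypted}


def build_sample_tree(root):
    """Constructed sample data: a fake profile with benign and affected files."""
    layout = [
        "Desktop/#BackGround.png", "Desktop/#Decryptor.exe",
        "Documents/report.docx.Lime", "Documents/budget.xlsx.Lime",
        "Documents/notes.txt", "Pictures/holiday.jpg.Lime",
        "Downloads/BigEyes.exe",
    ]
    for rel in layout:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        enc, drop, counts = scan_tree(tmp)
        print(f"{len(enc)} encrypted file(s), {len(drop)} dropped artifact(s)")
        for dst in restore_candidates(enc).values():
            print("restore from backup:", os.path.relpath(dst, tmp))
```

The per-directory counts show which folders were hit hardest, and the mapping from `restore_candidates` gives the list of original paths to request from backup.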
