What is LIGMA.exe? Should I remove it?

by Lucia Danes
LIGMA.exe is a malicious executable used by LIGMA ransomware

LIGMA.exe is an executable file responsible for initiating the malicious processes on a device infected with LIGMA ransomware. File-locking malware encrypts personal data on the system, and for this process to work, the virus drops multiple files, such as LIGMA.exe, Payloads.dll, work.bat, and mbr.bin, into C:\WinWOW32. The encryption process then affects data on the system, including documents, photos, videos, and even archives. This particular ransomware, which uses the AES-256[1] encryption method and marks encoded files with the .ForgiveMe file extension, was discovered in September 2018. The virus operates a bit differently than typical ransomware[2] because there is no possibility to pay the ransom and get your files decrypted. Ligma is a ransomware-wiper virus.

Name: LIGMA.exe
Type: Executable file
Related: LIGMA ransomware
File extension: .ForgiveME
Responsible for: Launching the virus
Danger level: Encrypts files on the device
Distribution: With ransomware via spam email attachments
Elimination: Use Reimage and clean your system
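
A read-only triage check for the indicators named above (the C:\WinWOW32 drop directory, its four dropped files, and the .ForgiveMe marker extension), added here as an example and not part of the original article or any vendor tool. The function and field names are assumptions, the sample tree is constructed, and matching is case-insensitive because the page spells the extension both .ForgiveMe and .ForgiveME.

```python
import os
import tempfile

# Indicators taken from the article: drop directory, dropped file names, and
# the extension appended to encrypted files. All comparisons are lowercased.
DROP_DIR = "winwow32"
DROPPED = {"ligma.exe", "payloads.dll", "work.bat", "mbr.bin"}
MARKER_EXT = ".forgiveme"


def triage(root):
    """Scan a volume root (live system drive or mounted image); read-only."""
    report = {"drop_dir": None, "dropped_files": [], "encrypted_files": []}
    # Match the drop directory by lowercased name: an image mounted on a
    # case-sensitive file system may not keep the casing used in the article.
    for entry in os.scandir(root):
        if entry.is_dir(follow_symlinks=False) and entry.name.lower() == DROP_DIR:
            report["drop_dir"] = entry.path
            report["dropped_files"] = sorted(
                f.name for f in os.scandir(entry.path)
                if f.is_file(follow_symlinks=False) and f.name.lower() in DROPPED
            )
    # Walk the whole volume for files carrying the marker extension.
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(MARKER_EXT):
                report["encrypted_files"].append(os.path.join(dirpath, name))
    report["encrypted_files"].sort()
    report["suspicious"] = bool(report["dropped_files"] or report["encrypted_files"])
    return report


def build_sample_volume(base):
    """Constructed test tree standing in for an affected volume (empty files)."""
    for rel in ("winwow32/LIGMA.exe", "winwow32/mbr.bin", "winwow32/readme.txt",
                "Users/a/Documents/report.docx.ForgiveMe",
                "Users/a/Pictures/cat.jpg.ForgiveME",
                "Users/a/Documents/notes.txt"):
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for key, value in triage(build_sample_volume(tmp)).items():
            print(key, "=", value)
```

Point `triage()` at the root of the volume under examination; it only lists files and never opens or modifies them.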

LIGMA.exe is often called a virus because the ransomware related to the executable file causes various damage on the device, including data locking and changes to the registry. The ransomware changes Windows registry keys in order to start automatically each time the computer is turned on.

When the LIGMA.exe file is launched, it performs the following actions:

  • scans the device to read the name, location, and language of the computer system;
  • modifies registry keys/adds new ones;
  • deletes shadow volume copies.

If your device is infected with LIGMA ransomware, your screen gets locked and the ransom message is displayed. This ransom note is not typical and does not demand a ransom, since this virus is designed to wipe your device clean.

The black lock screen displays the following:

YOUR PC LIGMA BALLS xD
This PC is dead because you did n't follow the rules.
Your PC will never work again.

NOTE: Even if you fix the MBR your Your PC Is Dead.
Entire Registry is Fucked and your files are infected.

LIGMA ransomware is designed for PCs that support Windows 7, and according to the analysis[3], the main ransomware file and this executable can be detected as malicious by antivirus programs.

Because of this, you need to perform LIGMA.exe removal using your antivirus and clean the remaining virus damage with anti-malware tools like Reimage. You should scan your device with this program to remove malicious files and programs entirely from your device.

Unfortunately, your data is not going to be decrypted, but if you remove LIGMA.exe properly, you can try various methods of data recovery. It can be done using the Windows Previous Versions feature or ShadowExplorer if the Shadow Volume Copies remain untouched.

Ransomware payload is hidden in files attached to spam emails

Malware researchers[4] advise users to pay more attention to what they click on, including questionable emails. The spam box is filled with commercial content and emails from companies and services. However, phishing email campaigns can be more alluring. Emails with malicious attachments can often be confused with legitimate ones, as crooks try to imitate high-profile organizations and companies, such as Amazon, UPS, FedEx, various banks, tax offices, etc.

Malicious emails contain invoices, receipts, or other important-looking documents that are infected with a malicious script. If you do not pay attention to details like typos, grammar mistakes, or unusual sender names, you may get dangerous malware installed on your device as soon as you download and open the infected file.

Terminate LIGMA.exe and clean your system from virus damage

To remove LIGMA.exe, you need to enter Safe Mode with Networking and use your antivirus program. For further system cleaning, employ professional anti-malware tools like Reimage, Malwarebytes, Combo Cleaner, or Plumbytes Anti-Malware. When you delete the ransomware virus, all these malicious files get eliminated too, and your system can be safe again.

Automatic LIGMA.exe removal is the best solution because eliminating a sophisticated virus manually is almost impossible. After this process, you can try to replace encoded data from a backup or use data recovery tools and features to restore it on the device.


About the author

Lucia Danes - Virus researcher
