What is LIGMA.exe? Should I remove it?

LIGMA.exe is a malicious executable used by LIGMA ransomware

LIGMA.exe is an executable file responsible for initiating the malicious processes on a device infected with LIGMA ransomware. File-locking malware encrypts personal data on the system, and for this process to work, the virus drops multiple files, such as LIGMA.exe, Payloads.dll, work.bat and mbr.bin, into C:\WinWOW32. The encryption process then affects data on the system, including documents, photos, videos and even archives. This particular ransomware, which uses the AES-256[1] encryption method and marks encoded files with the .ForgiveMe file extension, was discovered in September 2018. The virus operates a bit differently than typical ransomware[2] because there is no possibility to pay the ransom and get your files decrypted. Ligma is a ransomware-wiper virus.

Name: LIGMA.exe
Type: Executable file
Related: LIGMA ransomware
File extension: .ForgiveME
Responsible for: Launching the virus
Danger level: Encrypts files on the device
Distribution: With ransomware via spam email attachments
Elimination: Use FortectIntego and clean your system

LIGMA.exe is often called a virus because the ransomware related to this executable file causes various damage on the device, including data locking and changes to the registry. The ransomware changes Windows registry keys so that it starts automatically each time the computer is turned on.

When the ligma.exe file is launched it starts the following actions:

  • scans the device to read the name, location, and language of the computer system;
  • modifies registry keys/adds new ones;
  • deletes shadow volume copies.

If your device is infected with LIGMA ransomware, your screen gets locked and a ransom message is displayed. This ransom note is not typical: it does not demand a ransom, since the virus is designed to wipe your device clean.

The black lock screen displays the following:

This PC is dead because you did n't follow the rules.
Your PC will never work again.

NOTE: Even if you fix the MBR your Your PC Is Dead.
Entire Registry is Fucked and your files are infected.

LIGMA ransomware is designed for PCs running Windows 7 and, according to the analysis[3], the main ransomware file and this executable can be detected as malicious by antivirus programs.

Because of this, you need to perform LIGMA.exe removal using your antivirus and clean the remaining virus damage with anti-malware tools like FortectIntego. You should scan your device with this program to remove malicious files and programs from your device entirely.

Unfortunately, your data is not going to be decrypted, but if you remove LIGMA.exe properly, you can try various methods of data recovery. This can be done using the Windows Previous Versions feature or ShadowExplorer if the Shadow Volume Copies remain untouched.
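As an added example (not part of the original article and not any vendor's tool), the following Python script checks a disk for the indicators this article names: the dropped files in the WinWOW32 folder and files carrying the .ForgiveMe extension. The function names and the sample directory tree built in demo() are assumptions constructed for illustration.

```python
import os
import tempfile

# Indicators named in the article (dropped into C:\WinWOW32). Matching is
# case-insensitive: the article spells the extension .ForgiveMe and .ForgiveME.
DROPPED_NAMES = {"ligma.exe", "payloads.dll", "work.bat", "mbr.bin"}
LOCKED_EXT = ".forgiveme"

def find_dropped(drop_dir):
    """Return the article's dropped-file names that exist in drop_dir."""
    try:
        entries = os.listdir(drop_dir)
    except OSError:  # folder missing or unreadable: nothing found
        return []
    return sorted(e for e in entries if e.lower() in DROPPED_NAMES)

def find_locked(root):
    """Return every file under root that carries the ransomware extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):  # unreadable dirs are skipped
        hits += [os.path.join(dirpath, f) for f in files
                 if f.lower().endswith(LOCKED_EXT)]
    return sorted(hits)

def triage(drop_dir, data_root):
    """Summarise both indicator checks for one disk or mounted image."""
    dropped, locked = find_dropped(drop_dir), find_locked(data_root)
    return {"dropped": dropped, "locked": locked,
            "indicators_found": bool(dropped or locked)}

def demo():
    """Run triage over a constructed directory tree (sample data, not real)."""
    with tempfile.TemporaryDirectory() as tmp:
        drop = os.path.join(tmp, "WinWOW32")
        docs = os.path.join(tmp, "Users", "alice", "Documents")
        os.makedirs(drop)
        os.makedirs(docs)
        for name in ("LIGMA.exe", "mbr.bin", "readme.txt"):
            open(os.path.join(drop, name), "w").close()
        for name in ("report.docx.ForgiveMe", "photo.jpg.ForgiveME", "ok.txt"):
            open(os.path.join(docs, name), "w").close()
        result = triage(drop, tmp)
        result["locked"] = [os.path.basename(p) for p in result["locked"]]
        return result

if __name__ == "__main__":
    print(demo())
```

For a real check, call triage(r"C:\WinWOW32", r"C:\Users"), or point both arguments at a mounted copy of the affected disk. The returned list of locked files shows what has to be restored from backup.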

Ransomware payload is hidden in files attached to spam emails

Malware researchers[4] advise users to pay more attention to what they are clicking on, including questionable emails. The spam box is filled with commercial content and emails from companies and services. However, phishing email campaigns can be more alluring. Emails with malicious attachments can often be confused with legitimate ones, as crooks try to imitate high-profile organizations and companies, such as Amazon, UPS, FedEx, various banks, tax offices, etc.

Malicious emails contain invoices, receipts or other important-looking documents which are infected with a malicious script. If you do not pay attention to details like typos, grammar mistakes or an unusual sender's name, you may get dangerous malware installed on your device immediately when you download and open the infected file.

Terminate LIGMA.exe and clean your system from virus damage

To remove LIGMA.exe, you need to enter Safe Mode with Networking and use your antivirus program. For further system cleaning, employ professional anti-malware tools like FortectIntego, SpyHunter 5, Combo Cleaner or Malwarebytes. When you delete the ransomware virus, all these malicious files get eliminated too, and your system can be safe again.

Automatic LIGMA.exe removal is the best solution because eliminating a sophisticated virus manually is almost impossible. After this process, you can try to replace encoded data from a backup or use data recovery tools and features to restore them on the device. 

About the author
Lucia Danes - Virus researcher
