We have recently tested a ransomware-type computer infection called VideoBelle Ransomware and concluded that it is based on the Hidden-Tear project. This new ransomware uses the Advanced Encryption Standard (AES) to encrypt your files, and we have received information that its encrypted should be able to decrypt. However, no free decryption tool has been released for it yet, but the potential is there. In any case, we recommend that you remove this ransomware because paying 150 Pounds-worth of Bitcoins might not be an option because your files may not be worth the money. In this short article, we will discuss how this ransomware works, how it is disseminated and how you can delete it.
Let us jump right into how this program works. So, if your PC becomes infected with this program, then it is too late to do anything about it. It starts encrypting your files immediately using the AES encryption algorithm. This algorithm ensures a strong encryption and its unique key for VideoBelle Ransomware has not been cracked yet. This ransomware was configured to target file types such as .rar, .css, .lnk, .xlsx, .ppt, .pptx, .odt, .jpg, .bmp, .png, .csv, .sql, .mdb, .sln, and .php, among others. While encrypting your files, it appends them with a “.locked” file extension, but will not change the names of the files. This ransomware does not lock the PC, so you can still use it. However, all of the files located in %USERPROFILE%\\Videos, %USERPROFILE%\\Music, %USERPROFILE%\\Pictures, %USERPROFILE%\\Documents, %USERPROFILE%\\Downloads, and %USERPROFILE%\\Desktop will be encrypted and, thus, useless.
VideoBelle Ransomware will drop a ransom note named Message_Important in each folder where your files were encrypted. The note features an email address (firstname.lastname@example.org) that you need to send a message to get into contact with the developers behind this ransomware to get further instructions on how to pay the ransom. The note also featured a Bitcoin wallet address to which you are asked to send 150 Pounds worth of Bitcoins. The cyber criminals promise to send the decryption key to you via email. However, we want to make it clear that you cannot trust cyber crooks to keep their end of the bargain. Hence, they can get your money but never send you the decryption key.
As mentioned, VideoBelle Ransomware is based on the Hidden-Tear project that was abandoned by its original developer. Still, he released the code to the public and cyber criminals got their hands on it and started releasing ransomware. Therefore, VideoBelle Ransomware is somewhat similar to Resurrection Ransomware, Decryption Assistant Ransomware, called Kill Zorro Ransomware, and many other ransomware-type programs, though they can come from different developers that used Hidden-Tear as the basis for the ransomware.
It is not yet known how VideoBelle Ransomware is distributed. Nevertheless, it is reasonable to assume that, like most ransomware, it is distributed using malicious emails that are sent to a list of random email addresses in an effort to infect as many PCs as possible. The emails can be disguised as legitimate, but they should not contain much text. They should have the main executable file of this ransomware attached to it and when you try to open it, and then it would infect your PC.
VideoBelle Ransomware is a dangerous computer infection that can render your valuable files into useless collections of bytes. However, paying the hefty ransom may not be an option for you as your files might not be worth the money. For this reason, we recommend that you remove it using our guide that includes using SpyHunter’s free malware scanner to detect it (provided that you cannot locate the malware) and then delete it manually.