Bl9c98vcvv Ransomware

Bl9c98vcvv Ransomware Description

If the Bl9c98vcvv Ransomware manages to sneak its way onto a computer, the Bl9c98vcvv Ransomware will initiate its encryption process that targets all popular file types. Affected users will find that they can no longer access their private pictures, video and audio files, photos, etc. Not to mention that business-related files such as databases, documents, and spreadsheets will be locked as well, which could have even more significant consequences. All files encrypted by the Bl9c98vcvv Ransomware will have '.Bl9c98vcvv' added to their original filenames as a new extension. The ransom note with instructions from the criminals is presented in two ways – text files named 'HOW TO DECRYPT FILES.txt' will be dropped in every folder containing encrypted data, accompanied by a pop-up window with the same text being generated.

The Bl9c98vcvv Ransomware may not be an entirely unique threat, as it belongs to the Xorist Ransomware family. However, that doesn't make it any less damaging. The Bl9c98vcvv Ransomware might have been designed to target users that speak the Portuguese language specifically, as the ransom notes it drops are written in English and translated in Portuguese. The hackers have decided to break away from the ransom's typical demands for the restoration of the encrypted files being paid in Bitcoin. Instead, they want the victims of the Bl9c98vcvv Ransomware to send them codes for unused, prepaid vouchers, or through the Ukash/Paysafecards digital systems for prepaid online payments. Links with more details on how to use these systems are included in the ransom note. Another departure from what is considered the norm in ransomware behavior is the criminals' apparent lack of fear in using a Gmail address for contact -

The full text of the note used by the Bl9c98vcvv Ransomware is:

'All your files are encrypted!

To decrypt them you need to

send a voucher code or Paysafecard Ukash at email:

In return you get a code to decrypt files.

You can find more information here hxxp://

or hxxp://


To avoid problems, TURN OFF YOUR ANTI-VIRUS!

AKA restore your files WILL NOT!


Todos os seus arquivos estão criptografados!

Para decifra-los voce precisa

enviar um codigo de voucher Ukash Paysafecard ou no e-mail:

Em troca, voce recebera um codigo para decifrar arquivos.

Voce pode encontrar mais informacao aqui hxxp://

ou hxxp://


Para evitar problemas, DESLIGUE seu anti-virus!

AKA restaurar seus arquivos nao serao!'

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.