Bl9c98vcvv Ransomware
If the Bl9c98vcvv Ransomware manages to sneak its way onto a computer, the Bl9c98vcvv Ransomware will initiate its encryption process that targets all popular file types. Affected users will find that they can no longer access their private pictures, video and audio files, photos, etc. Not to mention that business-related files such as databases, documents, and spreadsheets will be locked as well, which could have even more significant consequences. All files encrypted by the Bl9c98vcvv Ransomware will have '.Bl9c98vcvv' added to their original filenames as a new extension. The ransom note with instructions from the criminals is presented in two ways – text files named 'HOW TO DECRYPT FILES.txt' will be dropped in every folder containing encrypted data, accompanied by a pop-up window with the same text being generated.
The Bl9c98vcvv Ransomware may not be an entirely unique threat, as it belongs to the Xorist Ransomware family. However, that doesn't make it any less damaging. The Bl9c98vcvv Ransomware might have been designed to target users that speak the Portuguese language specifically, as the ransom notes it drops are written in English and translated in Portuguese. The hackers have decided to break away from the ransom's typical demands for the restoration of the encrypted files being paid in Bitcoin. Instead, they want the victims of the Bl9c98vcvv Ransomware to send them codes for unused, prepaid vouchers, or through the Ukash/Paysafecards digital systems for prepaid online payments. Links with more details on how to use these systems are included in the ransom note. Another departure from what is considered the norm in ransomware behavior is the criminals' apparent lack of fear in using a Gmail address for contact - tenagliamirella@gmail.com.
The full text of the note used by the Bl9c98vcvv Ransomware is:
'All your files are encrypted!
To decrypt them you need to
send a voucher code or Paysafecard Ukash at email: tenagliamirella@gmail.com
In return you get a code to decrypt files.
You can find more information here hxxp://ukash.com/uk/en/home.aspx
or hxxp://www.paysafecard.com/choose-country/
PLEASE READ CAREFULLY!
To avoid problems, TURN OFF YOUR ANTI-VIRUS!
AKA restore your files WILL NOT!
===============
Todos os seus arquivos estão criptografados!
Para decifra-los voce precisa
enviar um codigo de voucher Ukash Paysafecard ou no e-mail: tenagliamirella@gmail.com
Em troca, voce recebera um codigo para decifrar arquivos.
Voce pode encontrar mais informacao aqui hxxp://ukash.com/uk/en/home.aspx
ou hxxp://www.paysafecard.com/choose-country/
LEIA COM ATENCAO!
Para evitar problemas, DESLIGUE seu anti-virus!
AKA restaurar seus arquivos nao serao!'
Table of Contents
Should You Pay the Ransom?
Viruses like this are designed to scare the victim into doing anything to get their data back, including paying a ransom fee. Security experts always recommend against paying the ransom, however. You should never pay the people behind Bl9c98vcvv ransomware. The criminals behind ransomware regularly ignore victims once they make the payment and disappear without a trace – never providing the promised decryption tools. There have been several such incidents where people lose their money along with their data. You shouldn’t trust the attacker to live up to their end of the bargain. If they were so evil as to attack an innocent person and extort money from them, what makes you think they would be honorable enough to follow through on a deal?
What Should You Do?
So, what should you do if you fall victim to the ransomware? The first thing you want to do is remove the virus from your computer as soon as possible. This will help prevent further infections. When it comes to restoring your damaged data, you should use a backup. Unfortunately, not everyone keeps backups of their critical data. In these cases, you can consider trying file recovery applications. These applications can find and restore undamaged versions of your data. Don’t count on them for ransomware like Bl9c98vcvv, however, as these viruses like to delete the Shadow Volume Copies data recovery software rely on. There’s a chance even the best recovery software will have nothing to work with.
How Does Bl9c98vcvv Spread?
Crypto viruses like this primarily spread through malspam campaigns. Criminals send plenty of spam messages to targeted users. These emails claim to have crucial information the reader needs to know. They contain attachments and malicious links to documents, PDF files, archives, JavaScript files, or executable files. Once the person downloads and runs the file, their computer is infected with Bl9c98vcvv ransomware.
This is why the best way to avoid ransomware infections is to never click on links and attachments on spam emails. If you aren’t sure where an email comes from, just ignore it and delete it. If it’s already too late and you have Bl9c98vcvv ransomware on your computer already, take steps to remove it as quickly as possible and begin the data recovery process.
