VideoBelle Ransomware

The VideoBelle Ransomware is a ransomware Trojan that is used to encrypts files and extort computer users. The VideoBelle Ransomware carries out a typical encryption ransomware Trojan tactic. This tactic consists of encrypting the victims' files by using a strong encryption method. The files encrypted by the VideoBelle Ransomware attack become inaccessible. Once the VideoBelle Ransomware attack has compromised the files, it becomes impossible to restore the affected files, and computer users may only have the option of restoring the affected files by copying them from a backup. The VideoBelle Ransomware encrypts the victims' files to demand a ransom payment. Victims are forced to pay a large amount of money in exchange for the decryption key, which the con artists hold in their possession. PC security analysts first observed the VideoBelle Ransomware in August 2017. The VideoBelle Ransomware seems to be designed to target French speakers mainly (although there is nothing preventing the VideoBelle Ransomware from infecting computers in other parts of the world).

The Ugly Attack Executed by the VideoBelle Ransomware

The VideoBelle Ransomware uses the AES encryption in its attack, making the affected files unrecoverable. The VideoBelle Ransomware seems to target computer users located in French speaking countries and uses a ransom note written in French to demand the ransom payment from the victim. The VideoBelle Ransomware is a variant of HiddenTear, an open source ransomware platform that has spawned countless encryption ransomware Trojans since it was first released in August of 2015. The files encrypted by the VideoBelle Ransomware attack can be easily identified because the VideoBelle Ransomware will add the file extension '.locked' to the affected files. Unfortunately, it is not possible to decrypt the files compromised by these attacks without access to the decryption key currently. The VideoBelle Ransomware will target in its attacks the user- generated files, including video, audio, photos, databases, configuration files, spreadsheets, eBooks, and numerous other files that are associated with commonly used software such as Microsoft Office or Adobe Acrobat.

The VideoBelle Ransomware’s Ransom Demands

Once the VideoBelle Ransomware has encrypted the victims' files, it will make a ransom demand from the victim. To do this, the VideoBelle Ransomware will deliver a text file named 'Message_Important.txt' to the victim. This file is dropped on the desktop of the victim's computer and various other directories. The ransom note contains the following text, which demands a ransom payment of 150 € (Euro) from the victim:

'instruction à faire pour recuperer la clé de décryptage de vos fichiers crypter
email de contact: fbi-cybercrimedivision@hotmail.com
1) acheter des bitcoins de 150 €, euros à n'importe quelle site de bitcoins.
2) vous pouvez acheter rapidement les bitcoins ici https://localbitcoins.com
3) envoyer les bitcoins à cette adresse: 1NaJysikmSa96GfBdAJxLfi4iNMoZiczbi
4) dès que je reçois les bitcoins je vous envoie la clé de décryptage par email,
divers information bitcoin xxxxs: / /achterbtcoin.info'

The above message simply asks the victims to contact the VideoBelle Ransomware creators at their Hotmail email address, demanding the payment of 150 € Euros via Bitcoins. The VideoBelle Ransomware also will deliver instructions on how to purchase Bitcoin in its ransom note. The VideoBelle Ransomware ransom note is a French version of a ransom note that has been observed in numerous other ransomware attacks repeatedly, with other HiddenTear variants particularly.

Dealing with the VideoBelle Ransomware

Since it is not possible to decrypt files encrypted by the VideoBelle Ransomware without access to the decryption key, you should take precautions against ransomware like the VideoBelle Ransomware. The best prevention against the VideoBelle Ransomware and similar attacks is to use a reliable backup method to have backup copies of all files. Having the ability to restore the encrypted files by copying them from a backup is the best protection since it removes any power the con artists have to demand ransom payments from their victims during a VideoBelle Ransomware attack. This, coupled with a security program, can help prevent most of the VideoBelle Ransomware attacks.