VideoBelle Ransomware
Posted: August 28, 2017
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 77 |
| First Seen: | August 28, 2017 |
| OS(es) Affected: | Windows |
The VideoBelle Ransomware is a Trojan that encrypts your files to block them indefinitely and uses the opportunity to demand ransoms for a decryption service. Like most variants of Hidden Tear, the VideoBelle Ransomware is open to decoding by other methods, and malware experts recommend using free recovery options, whether they involve decryptors or backups, when appropriate. Anti-malware security tools also protect your files by removing the VideoBelle Ransomware when it tries to infect your PC.
Raining Ransoms on France
Most threat actors tend to use English for delivering instructions, demands, or threats to the PC users they're attacking. However, while there's much to be said for linguistic compatibility, Trojan campaigns can also benefit from targeting narrower niches, whether by industry or by geographical location. As an example of the second kind of victim filtering, malware experts recently found a version of Hidden Tear, the VideoBelle Ransomware, with a minor reconfiguration for attacking French speakers.
The VideoBelle Ransomware, whose name comes from its executable's label, has no confirmed infection method, although it may disguise itself as a media product, bundle itself with other programs, or hide inside an email attachment. It still uses Hidden Tear's primary attack of encrypting files of multiple formats, such as DOC, XLS, and JPG, with an AES-based cipher. This feature shows no symptoms until after the files are locked, at which point it appends a '.locked' extension to their names. Victims should be cautious about misidentifying the VideoBelle Ransomware, which uses the same extension tag as other threats, like the Luxnut Ransomware, the Zelta Free Ransomware, and the Battlefield Ransomware.
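The rename pattern described above can be inventoried during triage. The following is an added example, not code from the original article or from any vendor tool: it walks a directory, lists files carrying the appended '.locked' tag and recovers each file's original extension. The function names, the mass-rename threshold and the sample file names are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_TAG = ".locked"  # extension the article says is appended after encryption
# Formats the article names as examples only; extend for a real sweep (assumption).
EXAMPLE_FORMATS = {".doc", ".xls", ".jpg"}

def inventory_locked(root):
    """Return (hits, by_format) for files named <name>.<ext>.locked under root."""
    hits, by_format = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if path.suffix.lower() != LOCKED_TAG:
                continue
            original = Path(path.stem)        # name before the tag was appended
            ext = original.suffix.lower()     # '' when the file had no extension
            hits.append({"path": str(path), "original_name": original.name,
                         "original_ext": ext,
                         "article_listed_format": ext in EXAMPLE_FORMATS})
            by_format[ext] += 1
    return hits, by_format

def triage(root, threshold=3):
    """Summarise a sweep; threshold is an arbitrary illustrative cut-off."""
    hits, by_format = inventory_locked(root)
    # The '.locked' tag is shared by several threats, so a hit shows that a
    # rename happened, not which family did it.
    return {"locked_files": len(hits),
            "by_original_ext": dict(by_format),
            "likely_mass_rename": len(hits) >= threshold}

def build_sample_tree(root):
    """Constructed sample data: empty files named as they would look afterwards."""
    for name in ["facture.doc.locked", "budget.XLS.locked",
                 "photo.jpg.locked", "notes.txt", "archive.zip"]:
        (Path(root) / name).touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample:
        build_sample_tree(sample)
        print(triage(sample))
```

The resulting list of original names is what a responder would hand to a restore-from-backup job or a family-specific decryptor once the threat itself has been identified by other means.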
The VideoBelle Ransomware's threat actors provide only a French-language ransom message to victims, whom they ask to pay 150 Euros in Bitcoins. Malware researchers also took note of an unusual social engineering tactic in the same instructions: the authors are using an email address that's designed to look like a contact for a 'cyber crime division' of the FBI. The threat actors may be reusing the account; France has no 'FBI' intelligence agency as per United States norms.
Emptying Your PC of a Division's Worth of Extortionists
The VideoBelle Ransomware campaign shows an odd mix of social engineering targeting that leaves its infection vectors, as well as the experience of its admins, open to question. However, the VideoBelle Ransomware and other versions of Hidden Tear require minimal support to cause damage to the files on an infected Windows PC. Malware researchers conclude that free decryption of any data that the VideoBelle Ransomware locks should be possible, although backups should always be kept in reserve for less fortunate cases of encryption-based attacks.
Anti-malware products may scan new files, such as downloaded email attachments, for Trojan droppers and other threats that may install the VideoBelle Ransomware. Users browsing the Internet without appropriate security features, such as script blockers, are also at risk of exploit kit-based attacks and related tactics that often prop up the distribution of multiple types of threatening software. Any professionally-designed anti-malware program may delete the VideoBelle Ransomware, but you should only attempt decoding any blocked files with a specialized decryptor customized for this threat.
Any nation with a prosperous economy is a probable target for ransom-based Trojan campaigns. As con artists continue inventing new combinations of social engineering and victim-sorting methods, the victims can do their part to stop Trojans like the VideoBelle Ransomware from getting a critical level of access to their files.