BellevueCollegeEncryptor Ransomware

If you face BellevueCollegeEncryptor Ransomware – also known as BellevueInject – your personal files could be put at risk. This malicious threat must be deleted immediately; otherwise, it starts encrypting files in the %USERPROFILE% directory and all existing subfolders. If you still have time to prevent this malicious threat from slithering in, you have to be extra careful about the emails you open and the attachments you click. You also have to secure vulnerable RDP backdoors to prevent malware from exploiting them. If the infection got in already, many of your personal files could be encrypted, unless you store them outside %USERPROFILE%. If you have not checked the damage yet, we suggest you do it now. The corrupted files will not open, and you should find the “DesktopReadme” extension appended at the end of the original name. For example, if a file named “document.doc” was encrypted, it should be named “documentDesktopReadme.doc.” Unfortunately, even if you remove BellevueCollegeEncryptor Ransomware and the added extension, your files will remain encrypted.

Our research team claims that BellevueCollegeEncryptor Ransomware is a variant of the malicious CryptoWire ransomware, an infection that our team has reported in the past. While these threats do look unique, they have more similarities than differences. For one, both of them were written in the Autoit scripting language. Second, both infections delete shadow volume copies, which means that the threat erases internal backups. Finally, BellevueCollegeEncryptor Ransomware and its predecessor both create a copy file of the original launcher in the %PROGRAMFILES(x86)%\Common Files folder. Because of this file, even if you delete the original launcher, you might be unable to stop the threat. In the same folder, you can also find “log.txt,” a file that lists all encrypted files. Besides these two files, the malicious infection also creates a task with a random name consisting of 10 digits. This task is set up to launch the copy when the user logs in. Unfortunately, file encryption is not the only task on the agenda. According to our research team, the new malicious ransomware can also record keystrokes and mouse movements, which are features of a keylogger. This is why removing the infection is extremely important.

After files are encrypted, BellevueCollegeEncryptor Ransomware creates two files named “README.txt” and “INSTRUCTIONS.txt” and launches a window to deliver a message. According to it, files will remain encrypted until the victim pays a ransom of $250 in a form of Bitcoin. It is stated that the victim has 48 hours to make the payment to bc1q2m68av8knhz9zkexzz8dn8ll9wyxz76ss47upm, a Bitcoin wallet, which does not seem to exist at all. The message also informs that files are set to be deleted after 48 hours. To confirm the payment, the message also instructs to email BellevueInject@openmailbox.org. The message is represented via the window and two TXT files in different ways, but the gist is the same in every case. So, should you pay the ransom and then contact the creator of BellevueCollegeEncryptor Ransomware? Our researchers warn that this is dangerous. If you give cyber criminals a chance to contact you, they could expose you to new infections in the future! When it comes to paying the ransom, we would be very surprised if you were provided with a decryptor in return.

It is necessary to delete BellevueCollegeEncryptor Ransomware not only because it can actively encrypt files but also because it might be able to spy on you and transmit highly sensitive information to remote attackers. Eliminating this malware manually is not the easiest of tasks because there are quite a few components that must be removed. Also, the launcher’s name and location are random, and so we cannot know if you will be able to find and eliminate it yourself. The good news is that you do not need to remove BellevueCollegeEncryptor Ransomware all on your own. You can employ an anti-malware program that will do it automatically. This is definitely the best option you’ve got, and not just because the program can find and erase every single threat, but also because it can protect you in the future. Of course, you do not want to rely on software alone. You also want to backup your files to protect them in case malicious software slithers in again.

BellevueCollegeEncryptor Ransomware Removal

1. Delete the launcher .exe file with a random name.
2. Delete every single copy of INSTRUCTIONS.txt and README.txt files.
3. Launch Explorer (tap Win+E keys) and enter %WINDIR%\System32\Tasks into the field at the top.
4. Delete the task set up by ransomware (name should contain 10 random digits).
5. Enter %PROGRAMFILES(x86)%\Common Files into Explorer.
6. Delete the copy of the launcher .exe file and also a file named log.txt.
7. Empty Recycle Bin and then quickly install a reliable malware scanner to inspect the PC for leftovers.