Home / Spyware Help / BellevueCollegeEncryptor Ransomware Removal Guide

BellevueCollegeEncryptor Ransomware Removal Guide

by 0 Comments

Do you know what BellevueCollegeEncryptor Ransomware is?

You have to delete BellevueCollegeEncryptor Ransomware as soon as you discover this malicious threat because besides encrypting personal files it also can record and leak sensitive information. According to our malware research team, this infection can work as a keylogger by recording key-strokes and mouse-clicks. These actions might allow cyber criminals to obtain passwords, usernames, and other login data, which, of course, you need to keep safe at all cost. Unfortunately, because the primary task for the threat is to encrypt personal files, you might be focused on restoring files instead of removing the infection. If that is your situation right now, keep in mind that you are unlikely to restore files, and so getting rid of BellevueCollegeEncryptor Ransomware should be your primary goal.

According to malware experts, BellevueCollegeEncryptor Ransomware is likely to be targeted at the Bellevue College community in Washington, USA. Even the ransom note starts with this statement: “Your institution was hacked.” Whether or not you belong to this community, you want to beware of suspicious emails, and you also want to secure all security vulnerabilities to ensure that the malicious BellevueCollegeEncryptor Ransomware cannot invade your operating system. If BellevueInject invades successfully, a copy is created in the %PROGRAMFILES(x86)%\Common Files folder. Our researchers indicate that the name could be identical to the name of the launcher file. Right next to the copy, the threat also creates log.txt, and this file presents a list of all encrypted files. Finally, a task with a random name is created in %WINDIR%\System32\Tasks to launch the copy.

It appears that BellevueCollegeEncryptor Ransomware only encrypts files that are located in the folders and subfolders found at %USERPROFILE%, and if you do not store your personal files here, you might avoid encryption. When files are encrypted, their names are changed to include the “DesktopReadme” extension in the middle. Along with these files, ransom note files INSTRUCTIONS.txt and README.txt should be found. These files present messages that inform about the attack and instruct to take action. The full instructions, however, are presented via the infection’s window that pops up once all files are corrupted. According to it, the victims of BellevueCollegeEncryptor Ransomware must purchase a decryption key to recover the files, and it costs $250. The ransom is expected to be paid in Bitcoin to the criminals’ Bitcoin wallet (bc1q2m68av8knhz9zkexzz8dn8ll9wyxz76ss47upm). After the payment, victims are supposed to email BellevueInject@openmailbox.org to receive the decryptor. Unfortunately, it is unlikely that the tool would be presented to those who pay. In fact, it might not even exist!BellevueCollegeEncryptor Ransomware Removal GuideBellevueCollegeEncryptor Ransomware screenshot
Scroll down for full removal instructions

There is no time to waste, and it is important that you remove BellevueCollegeEncryptor Ransomware as soon as you possibly can. Even if all of your personal files were encrypted, you do not have external backups, and you cannot use Windows backups (that is because the threat deletes shadow volume copies) to replace corrupted files, you are still at risk. The keylogger within the infection could continue recording and leaking private information! Unless you know where the launcher of the infection is, and unless you are confident you can delete BellevueCollegeEncryptor Ransomware yourself, we advise utilizing anti-malware software. It will clean your operating system and keep it clean in the future.

Delete BellevueCollegeEncryptor Ransomware/ BellevueInject

  1. Delete the ransom note files named INSTRUCTIONS.txt and README.txt.
  2. Find and Delete the launcher of the ransomware (name and location are unknown).
  3. Tap Win+E to access Explorer and enter %PROGRAMFILES(x86)%\Common Files into the field at the top.
  4. Delete the copy of the ransomware launcher.
  5. Delete the file named log.txt.
  6. Enter %WINDIR%\System32\Tasks into the field at the top.
  7. Delete the ransomware task with 10 random digits as its name.
  8. Empty Recycle Bin and then run a full system scan ASAP. If threats remain active, delete them quickly.

In non-techie terms:

You face double-trouble by letting BellevueCollegeEncryptor Ransomware into your operating system because this infection can both encrypt files and leak sensitive information. When this malware slithers in, it encrypts files to demand a ransom in return for a decryption key, but, at the same time, it also works as a keylogger. This is why it is important to remove BellevueCollegeEncryptor Ransomware as quickly as possible. This infection has a copy created in a secondary location, and it must be removed along with the launcher file. Where is it? We cannot give you an answer to this question, and if you cannot find it yourself, it is best to use an anti-malware program that will be able to eliminate the malicious threat automatically. And if you want to keep yourself, your operating system, and your files safe in the future, keep the anti-malware program installed, and do not forget to backup files externally.