Battlefield Ransomware

What is Battlefield Ransomware?

Our malware testers have concluded that Battlefield Ransomware is still in development but was released anyway to bring in some cash for its developers. It is almost complete, and our researchers say that one of the few things they expect to be addressed is the list of file types it encrypts, which is set to expand. Its creators want you to pay a ransom for a decryption tool, but you should not trust them, as they may not keep their word. Therefore, we believe that it is necessary to remove it, as you may lose your money as well as your files. Nevertheless, there is hope, as we have heard of a decryption tool that may be released, so try finding it first before you resort to other options.

What does Battlefield Ransomware do?

If your computer becomes infected with Battlefield Ransomware, it will start encrypting your files with the AES-256 encryption algorithm, which renders them inaccessible. It appends a “.locked” extension to the encrypted files. Since this program is still in development, it encrypts a limited number of file extensions that include .ppt, .pptx, .odt, .jpg, .png, .csv, .py, .sql, .mdb, .sln, .php, .asp, .aspx, .html, .htm, .xml, .psd, .pdf, .dll, and many others, but it cannot encrypt nearly all of your files. This program aims to encrypt important files, so that you are forced to pay the ransom if you badly need something back.

Once this ransomware has encrypted your files, it drops an image file named virus.jpg at %Homedrive%\user\Rand123 that says that your files have been encrypted. It should replace the desktop image but does not do that, probably because Battlefield Ransomware is still unfinished. It will also drop a ransom note named READ_ME.TXT that demands that you pay 50 USD in Bitcoins. The developers promise to decrypt your files once you have paid, but there is no reason to trust them. The note also features an email address to contact the cyber criminals as well as the Bitcoin wallet address to which you should send the payment.

Where does Battlefield Ransomware come from?

Evidently, the developers of Battlefield Ransomware are unknown, because if the people behind this program were identified, they would have some serious problems with the law. Therefore, they stay in the shadows and try to distribute this ransomware without getting noticed too much. This ransomware was probably released for testing purposes because not everything in it works as it should. Our malware analysts say that it is likely that its creators have set up an email server dedicated to sending email spam to random people to get their computers infected with this ransomware. The email should contain a dropper file that should drop this ransomware’s main executable, named local.exe, in %Homedrive%\user\Rand123. Nevertheless, the email can feature local.exe itself, which can create a copy of itself in %Homedrive%\user\Rand123. The information regarding this program’s distribution methods is rather vague, so you need to be extra vigilant and have an anti-malware program protect your computer at all times.

How do I remove Battlefield Ransomware?

In closing, Battlefield Ransomware is a half-finished computer infection but is effective nonetheless. It can infect your PC when you least expect it and encrypt your computer’s files. Therefore, you ought to remove it, because paying the ransom is not a wise option. Use an anti-malware program such as SpyHunter, or follow our manual removal guide to delete this ransomware manually.

Removal Instructions

  1. Hold down Windows+E keys.
  2. Type %Homedrive%\user\Rand123 in the File Explorer’s address box.
  3. Press Enter.
  4. Locate local.exe and virus.jpg.
  5. Right-click them and click Delete.
  6. Empty the Recycle Bin.
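
A read-only PowerShell triage of the artifacts named above, useful before the manual deletion so that the sample's hash and the extent of the encryption are recorded. This is an added example, not part of the original guide; the search root for READ_ME.TXT and .locked files (the user profile) is an assumption, since the article does not say where they are written.

```powershell
# Added example: read-only triage for the artifacts the article names.
# File names and the drop directory come from the article; $SearchRoot is an
# assumption, because the article does not say where the note is written.
param(
    [string]$DropDir    = "$env:HOMEDRIVE\user\Rand123",
    [string]$SearchRoot = $env:USERPROFILE
)

# 1. Files dropped in the directory named in the removal steps.
#    Hash them before deletion so the sample can be identified later.
$dropped = foreach ($name in 'local.exe', 'virus.jpg') {
    $path = Join-Path $DropDir $name
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $item = Get-Item -LiteralPath $path -Force
        [pscustomobject]@{
            Artifact = $name
            Path     = $item.FullName
            Created  = $item.CreationTime
            SHA256   = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }
}

# 2. One pass over the search root for the ransom note and encrypted files.
$hits = Get-ChildItem -LiteralPath $SearchRoot -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -eq 'READ_ME.TXT' -or $_.Extension -eq '.locked' }
$notes  = @($hits | Where-Object { $_.Name -eq 'READ_ME.TXT' })
$locked = @($hits | Where-Object { $_.Extension -eq '.locked' })

# 3. Report.
if ($dropped) { $dropped | Format-List | Out-Host } else { "No dropped files found in $DropDir" }
"Ransom notes (READ_ME.TXT): $($notes.Count)"
$notes | ForEach-Object { "  $($_.FullName)" }
"Encrypted files (.locked) : $($locked.Count)"

if ($locked.Count -gt 0) {
    # The oldest .locked timestamp approximates when encryption began.
    $first = $locked | Sort-Object LastWriteTime | Select-Object -First 1
    "Earliest .locked file     : $($first.LastWriteTime)  $($first.FullName)"
    # Original extensions affected, e.g. report.pdf.locked -> .pdf
    $locked | Group-Object { [IO.Path]::GetExtension($_.BaseName) } |
        Sort-Object Count -Descending |
        Select-Object Count, Name | Format-Table -AutoSize | Out-Host
}
```

The script only reads and hashes files and deletes nothing; run it as the affected user so that `$env:USERPROFILE` points at the right profile.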
