Battlefield Ransomware

Battlefield Ransomware is a newly released ransomware-type application that can infect your PC by stealth and encrypt your files and demand money for a decryption key afterward. This program is still in development, so it may not be widely distributed, and our tests have shown that it was set to encrypt certain file types, but not all of them. The list of extensions it can encrypt is not extensive but, nevertheless, it can encrypt many of your personal files such as documents, pictures, and so on. Battlefield Ransomware is a primitive malware but is quite effective. In this article, we will discuss its distribution methods, functionality, and removal methods. So if your PC has become infected with it, then please continue reading.

While there is little to no information about how this ransomware is distributed, we want to point out that this ransomware can be distributed using tried and tested ransomware distribution techniques. The most likely method used is probably email spam. Email spam ensures a large number of victims because users never suspect that an innocent email could contain ransomware. In any case, Battlefield Ransomware’s main executable should be attached to an email. The file should be zipped as this ransomware consists of one executable file and does not have any additional files. Your computer can also become infected with this ransomware as a result of visiting an infected website that features some sort of security exploit that downloads it on your PC secretly. Our research has revealed that this ransomware is set to drop in %Homedrive%\user\Rand123. The executable is named local.exe and is launched automatically.

Once Battlefield Ransomware (local.exe) is launched, it begins encrypting your files at once. Or analysis has shown that this ransomware encrypts files using a unique AES-256 algorithm. It generates unique encryption, and decryption keys and the decryption key is sent to a remote server so that you could not get your hands on it. Decrypting your files without the correct key is impossible. However, the good news is that there is already a decryption tool available online.

As mentioned, this ransomware is still in development, so it has not been configured to encrypt many file formats. Currently, is can encrypt file types that include but are not limited to .txt, .jar, .dat, .contact, .settings, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .odt, .jpg, and .png. As you can see, it targets a wide range of files that are likely to host valuable information for which you would be willing to pay the ransom. Battlefield Ransomware appends all of the encrypted files with a “.locked” file extension that distinguishes encrypted files from the non-encrypted.

Battlefield Ransomware drops another file %Homedrive%\user\Rand123 named virus.jpg that should change the desktop image but did not do that when we tested it. It also drops a ransom note named READ_ME.txt that demands that you pay 50 USD in Bitcoins to decrypt your files. The note also supplies the Bitcoin wallet to which you have to send the coins as well as an email address (alihacker8001@gmail.com) of the cyber criminals if you need to contact them. However, you should not fall into this trap because the developers might not send you the decryptor once you have paid. We recommend looking for a free decryption tool first and try that before considering other options.

We hope you found this article insightful. As you can see, Battlefield Ransomware is just another ransomware-type computer infection that was released before it could be fully developed. Nevertheless, it is dangerous, and you should take it seriously. However, you should be wary of the fact that you may not get the promised decryption tool once you have paid. To remove this program manually, please use the instructions below. You can also use SpyHunter to delete this program for you.

Manual Removal Guide

1. Press Windows+E keys.
2. Type %Homedrive%\user\Rand123 in the box and hit Enter.
3. Locate local.exe and virus.jpg.
4. Right-click them and click Delete.
5. Empty the Recycle Bin.