A new .locked extension appended to your pictures, documents, music, and videos suggests only one thing to us: Battlefield Ransomware, a nasty crypto-threat, has already infiltrated your computer. Specialists say that this ransomware infection is still in development, but it definitely encrypts files already, so its entrance always results in the loss of files. Although you have discovered your files locked, it does not mean that you cannot unlock them. No, we are not talking here about purchasing a decryption tool from cyber criminals. It is already known that a free tool is available that can unlock files without the criminals' special decryptor. As a consequence, there is no point in sending money to cyber criminals. Yes, Battlefield Ransomware is one of those ransomware infections that demand a ransom from users after locking their files. This does not surprise us at all, since the majority of ransomware infections have the same goal. Giving cyber criminals money is unwise not only because a free tool for decrypting files is available, but also because cyber criminals will not stop developing new malware if all victims give them money.
If you are reading this article from the beginning, you must already know that Battlefield Ransomware is a crypto-threat. As such, it encrypts files right after it enters the system. It does not touch any system files, so your PC will work normally afterwards; however, you will no longer be able to open your documents with .xls, .docx, .doc, .xlsx, and .pdf extensions, images with .jpg and .png extensions, and, finally, all music files and videos. The ransom note READ_ME.txt leaves us in no doubt that Battlefield Ransomware only wants money, because users are told to send 50 USD worth of Bitcoin to the provided BTC address as soon as possible. It seems that paying is still not enough. Users are also instructed to send the transaction code, the user name of the affected system, and the “date and time of the Ransomware” to firstname.lastname@example.org after making a payment. Users who pay should get a reply with a decryption tool/key, but we cannot promise that this will really happen. Since there are no guarantees that you will be able to unlock your files after sending money to cyber criminals, we do not recommend transferring a ransom to the ransomware developers. It would be far smarter to restore the encrypted files from a backup or to download a free decryptor and unlock the files with it.
Battlefield Ransomware does not make serious modifications inside the affected system. It does not block system utilities like some other crypto-threats do, either. All it does after a successful entry is change the Desktop wallpaper and encrypt files. More advanced users can also discover a new folder, Rand123, in %HOMEDRIVE%\user. This folder contains an executable file (local.exe) and an image file, virus.jpg, that might be set as the new Desktop wallpaper. It is good news that this infection does not make any major modifications, because this means that it will not be extremely hard to remove it from the system.
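The artefacts named in this article (the .locked extension, the READ_ME.txt note, and the Rand123 folder holding local.exe and virus.jpg) can be looked for with a short read-only script. The following is an added example, not a tool from the article's authors: the function names and the sample tree are constructed for illustration, and it assumes the threat uses exactly the names given above.

```python
import os
import sys
import tempfile
from collections import Counter
from pathlib import Path

# Indicators taken from the article text (compared case-insensitively).
LOCKED_EXT = ".locked"
NOTE_NAME = "read_me.txt"
DROP_DIR = "rand123"
DROP_FILES = ("local.exe", "virus.jpg")


def triage(root):
    """Walk root read-only and collect the artefacts the article describes."""
    locked, notes, drops = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        here = Path(dirpath)
        lower = {f.lower() for f in files}
        if here.name.lower() == DROP_DIR:
            drops.append((str(here), [f for f in DROP_FILES if f in lower]))
        for name in files:
            if name.lower().endswith(LOCKED_EXT):
                locked.append(here / name)
            elif name.lower() == NOTE_NAME:
                notes.append(here / name)
    # The extension is appended, so stripping it reveals the original file type.
    by_type = Counter(Path(p.name[:-len(LOCKED_EXT)]).suffix.lower() for p in locked)
    return {"locked": len(locked), "by_type": dict(by_type),
            "notes": len(notes), "drops": drops}


def demo():
    """Run triage over a constructed sample tree (not real malware output)."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        (base / "Rand123").mkdir()
        for rel in ("Rand123/local.exe", "Rand123/virus.jpg", "READ_ME.txt",
                    "budget.xlsx.locked", "cv.docx.locked", "trip.jpg.locked",
                    "notes.docx", "old.DOCX.locked"):
            (base / rel).write_bytes(b"constructed sample")
        result = triage(base)
        # Report the drop folder by name only; the temp path is random.
        result["drops"] = [(Path(d).name, found) for d, found in result["drops"]]
        return result


if __name__ == "__main__":
    # Default to the current user's profile; pass another root as an argument.
    print(triage(sys.argv[1] if len(sys.argv) > 1 else Path.home()))
```

The per-type counts show which kinds of files need to come back from a backup or go through the free decryptor; the script changes nothing on disk.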
Before we start talking about the Battlefield Ransomware removal, we should analyze how ransomware infections usually enter PCs so that it is easier to prevent them from entering the system in the future. Specialists still cannot tell much about the dissemination of Battlefield Ransomware because it is a newly-detected threat, but, in their opinion, it should not differ from older ransomware infections. That is, it should be distributed via spam email campaigns as well. On top of that, it might be possible to download it from some kind of dubious third-party page containing tons of free applications. If you have already found your files locked once, the chances are high that a new ransomware infection will successfully enter your computer and lock your files again if you do nothing to protect your system. What our security specialists recommend is to enable a security application on your system. It is the easiest way to ensure the system’s safety.
Battlefield Ransomware is a threat you must remove from your computer as soon as possible. The fact that it has already encrypted files does not mean that it can no longer cause problems, so do not put off its removal. This infection can be deleted either manually or automatically – choose the removal method depending on how much experience in malware removal you have. If you have never deleted any computer threat before, we recommend using an automated malware remover instead of trying to delete it manually.