BrainLag Ransomware Removal Guide

Threat Level:
Rate this Article:
Comments (0)
Article Views: 366
Category: Trojans

Ransomware infections all act very similarly, but there is no doubt that BrainLag Ransomware is the one that has encrypted pictures, documents, music, and other files on your computer if you have already discovered your files having a new extension .xdxdlol appended next to their original filename extensions. Ransomware infections lock users’ files to give them a reason to transfer money to their authors, but it seems that BrainLag Ransomware is not one of them because it does not demand a ransom after it encrypts users’ personal files, which suggests that it is still in development. It also means that you could not purchase the decryption tool from cyber criminals even if you are determined to do that. Of course, it does not mean that it is a very good idea to pay malware developers money. According to our specialists at, users should not let go of their money easily because malware developers only need the money and might not even give users the tool they purchase from them. Therefore, if BrainLag Ransomware is ever updated or other cyber crooks take over this HiddenTear-based threat seeking to extract money from users and it starts demanding a ransom, do not even think about sending the required sum of money no matter if you need to get access to your files badly.

You will definitely notice a bunch of encrypted files on your computer if BrainLag Ransomware ever manages to slither onto your computer. Although this infection does not try to obtain money from users like other ransomware infections do, it still encrypts users’ files by appending the extension .xdxdlol. You will also notice a new picture bg.jpg set as your new wallpaper on Desktop and a ransom note read_me.txt dropped on your PC after the encryption of files. The ransom note it leaves on users’ computers is very short (see below), which again proves that this threat might still be in development or has been developed for testing purposes only:

This computer has been hacked

Your files have been ecrypted.


There is no information about the decryption of files provided either, as you can see, so it seems that this threat does not seek to obtain money from users like other ransomware-type infections that leave a ransom telling users to send a certain amount of money in exchange for the decryption tool right after encrypting users’ personal data. It also means that users cannot purchase the decryption tool from cyber criminals. Of course, they do not even need to do that because there is a way to decrypt files without the special key – files can be restored from a backup. Unfortunately, you could not do that if you have never backed up your files. Also, it might be impossible to restore files without the decryption key if your backup is located on the system – it could have been encrypted by BrainLag Ransomware as well.

Research has revealed that BrainLag Ransomware deletes itself after encrypting users’ files, but it does not mean that you will not need to do anything because it also drops additional files like read_me.txt (a ransom note) and local.exe in %HOMEDRIVE%\user\Folder. Leaving these components on the system might result in the revival of the ransomware infection.

Most probably, BrainLag Ransomware is distributed in usual ways. That is, it should be spread mainly via spam email campaigns. It is nothing new – other ransomware infections travel as attachments in spam emails as well. We would lie if we said that it is the only distribution method used. Ransomware infections are sneaky threats that might find different ways to enter users’ computers. Therefore, the installation of security software is mandatory after the removal of this nasty infection. It is the only one that could protect you from new ransomware infections. We can assure you that malware creators will not stop developing new ransomware infections anytime soon, so it is worth investing in trustworthy security software.

You must fully delete BrainLag Ransomware from your computer so that this infection could no longer cause harm. Luckily, only two files read_me.txt and local.exe available in the directory %HOMEDRIVE%\user\Folder have to be deleted to erase this infection. In addition, it is recommended to check the Downloads folder and eliminate suspicious recently downloaded files. Unfortunately, files will stay the way they are, i.e. encrypted even if you erase this malicious application completely.

How to remove BrainLag Ransomware

  1. Launch Explorer.
  2. Delete the folder of the ransomware infection %HOMEDRIVE%\user\Folder.
  3. Remove the ransom note read_me.txt from Desktop.
  4. Delete all recently downloaded files from %USERPROFILE%\Downloads.
  5. Empty the Recycle bin.
Download Remover for BrainLag Ransomware *
*SpyHunter scanner, published on this site, is intended to be used only as a detection tool. To use the removal functionality, you will need to purchase the full version of SpyHunter.

BrainLag Ransomware Screenshots:

BrainLag Ransomware
BrainLag Ransomware


Your email address will not be published.


Enter the numbers in the box to the right *