Battlefield Ransomware Removal Guide

Do you know what Battlefield Ransomware is?

Battlefield Ransomware is yet another ransomware infection demanding a ransom in the Bitcoin cryptocurrency from users. It drops a file with its demands after successfully entering the system and encrypting users’ files. This is the main reason it has been classified as a ransomware infection. Ransomware infections usually affect those files users consider the most valuable, i.e. pictures, text documents, music files, etc. If these files have been encrypted on your computer too, we are sure you are considering paying money to cyber criminals behind this ransomware infection. Believe us; it is a very bad idea to give your money to them because you might not be given the decryptor even if you transfer a ransom. On top of that, a free decryptor for unlocking files affected by Battlefield Ransomware has already been developed, so it might be possible to decrypt them without the special tool cyber criminals claim to have on a secret server. In any event, the first thing you must do is to remove the ransomware infection from the system fully. The information provided in the last paragraph should help you to take care of this threat easier.

Although Battlefield Ransomware is still in development, according to our experienced malware researchers, it already encrypts files, so its entrance on your system will definitely have disastrous outcomes. Research has clearly shown that it encrypts a number of files with such popular extensions as .rar, .php, .txt, .docx, .pptx, .jpg, .png, .dll, .core, .iso, .ace, .torrent, .doc, .mp3, .mp4, and others. Without a doubt, it targets only the most valuable files. Luckily, it does not do anything to files belonging to the Windows OS, so your PC will continue working normally after the entrance of this ransomware infection. It will not take long to realize which of the files stored on the system have been encrypted because those locked files immediately get a new extension .locked (picture.jpg.locked) appended to them. After successfully encrypting users’ personal files, this ransomware infection also drops a ransom note READ_ME.txt and might set a Desktop wallpaper “Oops! Your files have been encrypted!!!.” As expected, the ransom note tells users to send 50 USD in the Bitcoin currency. When the payment is made, certain details like the transaction code and PC’s name have to be sent to the provided email address – You might still not be able to unlock your files after making a payment, so do not even consider sending a ransom to cyber crooks. As has been mentioned in the 1st paragraph, a free decryptor is available, so we are sure you could download it from the web sooner or later and decrypt your files for free. What else you can do to get your files back is to restore them from a backup.Battlefield Ransomware Removal GuideBattlefield Ransomware screenshot
Scroll down for full removal instructions

At the time of writing, Battlefield Ransomware is not distributed actively. Of course, everything might change soon. If cyber criminals ever start actively disseminating this infection, it should be spread via spam emails mainly, specialists say. It is nothing new that ransomware infections travel in spam emails as attachments – it is one of the easiest ways to reach users’ computers unnoticed. After the successful infiltration, Battlefield Ransomware not only encrypts files and drops a ransom note. It also creates a folder Rand123 in %HOMEDRIVE%\user. It contains one executable file local.exe and a .jpg file virus.jpg – it should be set as new Desktop background. Luckily, it does not apply any other changes, so its removal should not be complicated at all.

Battlefield Ransomware can be deleted either manually or automatically, but it does not really matter which removal method you adopt because the final result, i.e. the complete removal of ransomware is what matters the most. Of course, you should not go to delete Battlefield Ransomware manually if you are not an advanced user. Less experienced users should let automatic scanners delete malware from their computers.

How to remove Battlefield Ransomware

  1. Launch Explorer (press Win+E).
  2. Type %HOMEDRIVE%\user in the URL bar and press Enter.
  3. Locate the Rand123 folder and delete it.
  4. Delete suspicious files downloaded from the web.
  5. Empty the Recycle bin.

In non-techie terms:

Ransomware infections are sneaky threats that usually manage to enter computers without permission. Battlefield Ransomware is no exception – it appears on users’ PCs without their knowledge and then immediately ruins their files. It has the same motive as other ransomware infections – to obtain money from users. No matter how badly you need your files back, do not give cyber criminals a cent because you might be left without files and without money.