How to Remove Battlefield Ransomware

Readers recently started to report the following message being displayed when they boot their computer:

Ooops! Your files have been encrypted.
Warning: Never change the file names and extensions and their location.
Send the transaction code and user name of the system and the date and time of the Ransomware to the following email.
You must send 50 USD to this address.
Decrypt your files after payment!
Buy Bitcoin with Credit Card and send to me:hxxps://buy.bitcoin.com/
Address Mail:alihacker8001@gmail.com
BTC Address:1Q5VprvKoBmPBncC7yZLURkcQ7FG9xnMKv


This program surely has an appropriate name. It greets you with the very words used by the infamous WannaCry Ransomware – “Oops! Your files have been encrypted!”. And, much like WannaCry, the Battlefield Ransomware will make you quite upset. Ransomware is notoriously harmful; this virus is no exception. It belongs to the Hidden Tear family of file-encrypting programs. In other words, Battlefield is more than capable of causing damage. This pest uses the strong AES-256 encryption algorithm to lock files. All your files.

You see, there is a good reason why ransomware is considered to be the worst type of virus out there. These programs allow their developers to gain easy, illegal profit online. As you could imagine, no hacker would say no to that concept. Ransomware blackmails PC users by encrypting all their private files. That includes your favorite photos, music, important work-related documents, videos, etc. Do you store important data on your computer? Do you also have backup copies, though? In the future, make sure you protect your files in case another ransomware gets to you. The only way to be absolutely certain such a virus can’t cause you damage is by keeping backups. Remember, ransomware is extremely common online. There are plenty of file-encrypting infections out there and you could potentially cross paths with another similar pest. Do not make the same mistake twice and take care of your information in advance.

Now, as soon as the ransomware gets installed, it scans your PC. It searches for your personal data, including your most precious and valuable files. Once the target information is located, Battlefield Ransomware starts locking it. You might have noticed the .locked extension added to your files. This is quite an obvious way for crooks to let you know your personal data is now inaccessible. You can no longer use any of the files stored on your device. The new extension is appended after the original one; for example, Birthday_Party.mp4 gets renamed to Birthday_Party.mp4.locked. You’re now unable to open your data. It goes without saying that such trickery will cause some confusion. In fact, that is what the hackers are aiming for. They take advantage of your anxiety and force you to buy a certain decryptor. You’re supposed to pay 50 USD just for the privilege of opening your own data. No, this deal isn’t fair.

How did I get infected?

Ransomware usually gets attached to spam messages or emails. By doing so, the parasite relies on your curiosity to be let loose. Do you see how easy it is to compromise your security? Stay away from any email attachments or random messages you might come across. Clicking those open could help a rich variety of infections get installed. It takes a moment to infect your PC. However, removing malware could take much longer. Do the right thing and watch out for potential intruders. Avoid illegitimate websites and unverified programs as well. Many ransomware-type programs travel the Web via exploit kits. In addition, keep an eye out for bogus program updates and fake torrents. Those may turn out to be corrupted. A rule of thumb is to check the freeware or shareware bundles you download off the Internet too. Unless you’re aware of what programs are part of the bundle, you could agree to install some bonus parasites. Last but not least, the ransomware might have used some help from another virus. A Trojan horse, for instance. Check your device because Battlefield Ransomware may not be the only troublesome program you need to remove.

Why is Battlefield dangerous?

The virus changes your desktop wallpaper and drops “Battlefield-Decrypter.exe” and “READ_ME.txt” files. It then tries to convince you that, unless you pay, your files are locked forever. Many people do panic when seeing these demands because ransomware works in silence. It manifests its presence by encrypting your personal information. Hence, all your files get locked out of the blue. According to the ransom notes added by the virus, hackers will provide the decryption key. Of course, that service doesn’t come for free. You will be able to regain access to your files if you pay 50 dollars in Bitcoin. Or at least that’s what crooks promise. Needless to say, negotiating with cyber criminals would be a mistake. Hackers have no intention of freeing your encrypted files. They are just interested in scamming you. To avoid getting involved in a nasty cyber fraud, ignore the parasite’s ransom messages. Keep your Bitcoins and don’t believe anything this program promises. Ignore the malicious email address hackers provide (alihacker8001@gmail.com) and don’t let them blackmail you. Please follow our detailed manual removal guide down below.

Battlefield Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover Battlefield Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open Task Manager by pressing the CTRL+SHIFT+ESC keys simultaneously.
  • Locate the process of the ransomware. Keep in mind that it usually runs from a file with a randomly generated name.
  • Before you kill the process, type its name in a text document for later reference.

  • Locate any suspicious processes associated with the Battlefield encryption virus.
  • Right-click on the process
  • Open File Location
  • End Process
  • Delete the directories with the suspicious files.
  • Keep in mind that the process can be hidden and very difficult to detect.

STEP 2: Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

STEP 3: Locate Battlefield encryption Virus startup location

  • Once the operating system loads, press the Windows logo key and the R key simultaneously.

Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

  • and delete the display Name: [RANDOM]

  • Then open Explorer, navigate to your %appdata% folder and delete the executable.

Alternatively, you can use the Windows msconfig program to double-check the execution point of the virus. Keep in mind that the names on your machine might be different, as they may be generated randomly; that’s why you should run a professional scanner to identify malicious files.
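The check in STEP 3 can also be run from PowerShell. The script below is an added example, not part of the original guide: it only reads the three Run keys listed above and marks entries whose executable sits in a user-writable profile folder and is not validly signed. The folder list and the function name Get-RunKeyAudit are assumptions made for this illustration.

```powershell
# Added example: read-only audit of the three Run keys listed in STEP 3.
# Flags autostart commands whose executable sits in a user-writable profile folder.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
# Assumption: these folders are where a dropped executable would most likely live.
$userDirs = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }

function Get-RunKeyAudit {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }  # Wow6432Node is absent on x86
        $regKey = Get-Item -LiteralPath $key
        foreach ($name in $regKey.GetValueNames()) {
            $raw = [string]$regKey.GetValue($name)
            if ([string]::IsNullOrWhiteSpace($raw)) { continue }
            $cmd = [Environment]::ExpandEnvironmentVariables($raw).Trim()

            # Pull the executable out of the command line (quoted or unquoted form).
            if ($cmd -match '^"([^"]+)"') {
                $exe = $Matches[1]
            } elseif ($cmd -match '^(.+?\.(exe|com|scr|bat|cmd|vbs|js|ps1))(\s|$)') {
                $exe = $Matches[1]
            } else {
                $exe = ($cmd -split '\s+')[0]
            }

            $exists = Test-Path -LiteralPath $exe -PathType Leaf
            [pscustomobject]@{
                Key           = $key
                ValueName     = $name
                Command       = $raw
                Executable    = $exe
                InUserProfile = [bool]($userDirs | Where-Object {
                    $exe.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
                Signature     = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $exe).Status } else { 'FileMissing' }
                SHA256        = if ($exists) { (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash } else { $null }
            }
        }
    }
}

# Entries in a user-writable folder that are not validly signed come first.
Get-RunKeyAudit |
    Sort-Object @{ Expression = { $_.InUserProfile -and $_.Signature -ne 'Valid' }; Descending = $true } |
    Format-List
```

Record the SHA256 of a suspicious entry before deleting the file, so a scanner or a later investigation can still identify it.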

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, if you have one.

  • Method 2: File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Because of this, you can try to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the drive you want to recover. Right-click on any file you want to restore and click Export.
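Before picking a recovery method, it helps to know how many files were hit and whether any shadow copy is older than the attack. The following script is an added example, not part of the original guide; it only reads data. It assumes the .locked suffix is appended to the full original name, treats each file's last write time as the approximate encryption time, and uses hypothetical function names and scan root.

```powershell
# Added example: read-only scoping of encrypted files before choosing a recovery method.
# Assumptions: ".locked" is appended to the full original name (as in
# Birthday_Party.mp4.locked) and the file's LastWriteTime approximates encryption time.
function Get-LockedFileInventory {
    param([Parameter(Mandatory)][string]$Path)
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -eq '.locked' } |
        ForEach-Object {
            # Strip only the trailing ".locked" to get the pre-encryption name.
            $original = $_.FullName.Substring(0, $_.FullName.Length - '.locked'.Length)
            [pscustomobject]@{
                LockedFile      = $_.FullName
                OriginalName    = $original
                OriginalPresent = Test-Path -LiteralPath $original -PathType Leaf
                EncryptedAt     = $_.LastWriteTime
                SizeBytes       = $_.Length
            }
        }
}

function Get-ShadowCopyCandidates {
    param([Parameter(Mandatory)][datetime]$Before)
    # Win32_ShadowCopy needs an elevated session; it returns nothing otherwise.
    Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue |
        Select-Object ID, VolumeName, InstallDate,
            @{ Name = 'PredatesEncryption'; Expression = { $_.InstallDate -lt $Before } }
}

$root = $env:USERPROFILE   # hypothetical scan root; change as needed
$inventory = @(Get-LockedFileInventory -Path $root)
if ($inventory.Count -eq 0) {
    Write-Output "No .locked files under $root"
} else {
    $firstHit = ($inventory | Measure-Object -Property EncryptedAt -Minimum).Minimum
    Write-Output "$($inventory.Count) encrypted files, earliest at $firstHit"
    # Folders with the most encrypted files: check these in the backup first.
    $inventory | Group-Object { [IO.Path]::GetDirectoryName($_.LockedFile) } |
        Sort-Object Count -Descending | Select-Object -First 10 Count, Name |
        Format-Table -AutoSize | Out-Host
    # Snapshots taken before the first encrypted file are the useful ones (Method 3).
    Get-ShadowCopyCandidates -Before $firstHit | Format-Table -AutoSize | Out-Host
}
```

Only snapshots marked PredatesEncryption can contain unencrypted versions of the files.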
