
Battlefield Ransomware

By GoldSparrow in Ransomware

The Battlefield Ransomware is an encryption ransomware Trojan based on HiddenTear, an open source ransomware platform that was made public on GitHub in August of 2015. Since the public release of HiddenTear, countless ransomware variants have appeared that use this open source platform to carry out effective encryption ransomware attacks on real computer users. There is little to differentiate the Battlefield Ransomware from other HiddenTear variants, and PC security researchers advise computer users to take precautions to ensure that their data is protected against the Battlefield Ransomware and other encryption ransomware Trojans.

The Battlefield Ransomware is Delivered by a Corrupted Archive

PC security researchers suspect that independent con artists created the Battlefield Ransomware and that it does not belong to a larger family or RaaS (Ransomware as a Service) scheme. The Battlefield Ransomware is currently being delivered in a corrupted RAR archive named '333210219.rar', which is sent to victims in corrupted spam email messages that seek to trick the computer user into believing that the RAR file contains an invoice. In fact, when the RAR file associated with the Battlefield Ransomware is downloaded, it will self-extract and install the Battlefield Ransomware on the victim's computer. Once the Battlefield Ransomware has entered a computer, it will use the executable file 'Battlefiled.exe' in its attack and a combination of AES and RSA encryption to make the victim's files inaccessible.

How the Battlefield Ransomware Attack Works

Like most encryption ransomware Trojans, the Battlefield Ransomware works by making the victim's files inaccessible. To do this, the Battlefield Ransomware encrypts the victim's files using a strong encryption algorithm and then uses a second encryption algorithm to encrypt the decryption key, making it impossible for the victim to recover the affected files. Unfortunately, at this time it may not be possible to recover the files encrypted by the Battlefield Ransomware attack. As with most HiddenTear variants, the attack and encryption process carried out by the Battlefield Ransomware is solid and cannot be undone by brute force or other techniques. As with most ransomware Trojans, the goal of encrypting the victim's files is to demand the payment of a ransom. To do this, the Battlefield Ransomware drops a file named 'Battlefield-Decrypter.exe' on the infected computer's desktop, and the victim is asked to run this file. The Battlefield Ransomware also delivers a ransom note in a text file named 'READ_ME.txt,' which is dropped on the infected computer. The Battlefield Ransomware ransom note reads as follows:

'Ooops! Your files have been encrypted.
Warning: Never change the file names and extensions and their location.
Send the transaction code and user name of the system and the date and time of the Ransomware to the following email.
You must send 50 USD to this address.
Decrypt your files after payment!
Buy Bitcoin with Credit Card and send to me:hxxps://buy.bitcoin.com/
Address Mail:alihacker8001@gmail.com
BTC Address:1Q5VprvKoBmPBncC7yZLURkcQ7FG9xnMKv'
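The infection chain described above (the '333210219.rar' lure, the 'Battlefiled.exe' payload, the 'READ_ME.txt' note and 'Battlefield-Decrypter.exe' dropped on the desktop) gives a defender two kinds of signal: the file names the page reports, and the burst of file writes that mass encryption produces. The following is an added example, not code from this page or from any product, that runs both checks over constructed endpoint events in a simplified line format that is an assumption of the example; the process ids, paths and timestamps are invented.

```python
import re
from collections import defaultdict
from datetime import datetime

# File names the page reports for this variant, lower-cased for matching.
KNOWN_NAMES = {"333210219.rar", "battlefiled.exe", "battlefield-decrypter.exe", "read_me.txt"}
BURST_THRESHOLD, BURST_WINDOW = 20, 10  # >= 20 file writes by one process within 10 s
# Constructed, simplified event line (an assumption, not any real sensor's format):
#   <ISO timestamp> <PROCESS_CREATE|FILE_WRITE> pid=<n> image=<writer or parent> target=<path>
LINE_RE = re.compile(r"^(\S+) (PROCESS_CREATE|FILE_WRITE) pid=(\d+) image=(\S+) target=(\S+)$")

def parse_line(line):  # returns None for lines that do not fit the format
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, kind, pid, image, target = m.groups()
    return {"ts": datetime.fromisoformat(ts), "kind": kind, "pid": int(pid), "image": image, "target": target}

def basename(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def detect(lines):  # de-duplicated findings: known names first, then write bursts per process
    findings, writes = [], defaultdict(list)
    for ev in filter(None, map(parse_line, lines)):
        for name in (basename(ev["image"]), basename(ev["target"])):
            hit = f"known indicator {name} (pid {ev['pid']})"
            if name in KNOWN_NAMES and hit not in findings:
                findings.append(hit)
        if ev["kind"] == "FILE_WRITE":
            writes[ev["pid"]].append(ev["ts"])
    # Mass encryption shows up as a burst of writes by one process; this also catches a renamed payload.
    for pid, times in writes.items():
        times.sort()
        for i, start in enumerate(times):
            n = sum(1 for t in times[i:] if (t - start).total_seconds() <= BURST_WINDOW)
            if n >= BURST_THRESHOLD:
                findings.append(f"write burst: pid {pid} wrote {n} files within {BURST_WINDOW}s")
                break
    return findings

# Constructed sample: the lure archive spawns the payload, which mass-writes documents, then drops the note.
PAYLOAD = "C:\\Users\\u\\AppData\\Local\\Temp\\Battlefiled.exe"
SAMPLE = [f"2017-06-01T10:00:00 PROCESS_CREATE pid=4242 image=C:\\Users\\u\\Downloads\\333210219.rar target={PAYLOAD}"]
SAMPLE += [f"2017-06-01T10:01:{i // 3:02d} FILE_WRITE pid=4242 image={PAYLOAD} target=C:\\Users\\u\\Documents\\doc{i}.docx"
           for i in range(25)]
SAMPLE += [f"2017-06-01T10:01:09 FILE_WRITE pid=4242 image={PAYLOAD} target=C:\\Users\\u\\Desktop\\READ_ME.txt",
           f"2017-06-01T10:01:09 FILE_WRITE pid=4242 image={PAYLOAD} target=C:\\Users\\u\\Desktop\\Battlefield-Decrypter.exe",
           "2017-06-01T10:02:00 FILE_WRITE pid=900 image=C:\\Windows\\System32\\svchost.exe target=C:\\Windows\\Temp\\cache.dat"]

if __name__ == "__main__":
    for finding in detect(SAMPLE):
        print(finding)
```

The burst check is the one worth keeping in production, since a name list only matches this particular build while a process rewriting dozens of user documents in seconds is what any HiddenTear-style encryptor looks like.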

Preventing the Battlefield Ransomware Attacks and Recovering Your Data

The Battlefield Ransomware ransom note demands that victims pay a ransom of $50 USD in Bitcoin (0.01875 BTC at the current exchange rate). Computer users should refrain from paying the Battlefield Ransomware's ransom. The people responsible for these attacks seldom keep their promise to help the victim recover the affected data and, in many cases, will ignore the victim, demand a larger ransom amount, or target that particular victim for repeated subsequent attacks. PC security researchers strongly advise computer users to take preventive measures to ensure that their data is well-protected against encryption ransomware Trojans like the Battlefield Ransomware. The most effective protection against these attacks is a good backup system. If you have file backups on an external memory device or in the cloud, the people responsible for the Battlefield Ransomware attack lose any leverage that allows them to demand a ransom payment. Having file backups, combined with the use of a strong security program, is the best protection against these threats.
