
Battlefield Ransomware

Posted: July 25, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 76
First Seen: July 25, 2017
OS(es) Affected: Windows

The Battlefield Ransomware is a Trojan that uses Hidden Tear-based encryption to block the user from opening their saved media content. It may accompany its attacks with symptoms such as pop-up alerts and ransom demands, although malware researchers advise attempting all other recovery solutions before paying a con artist. Most anti-malware products that already detect the Hidden Tear family should remove the Battlefield Ransomware from your computer automatically.

More Tears Falling to Dampen Your Files

Thanks to how freely available its code is, there is not likely to be a shortage of Hidden Tear spin-offs in the future. A recent work-in-progress under analysis by malware experts, formerly unrelated to the HT family, has now begun incorporating that software's encryption feature into its payload. These new attacks let the Battlefield Ransomware block your files as a bargaining chip for extorting Bitcoins.

The Battlefield Ransomware uses AES-256 (one of the most common algorithms for enciphering data) to convert your files into a format that will not open, and adds the '.locked' extension to their names so that you can identify them on sight. Its attacks may block content including pictures, various forms of text documents, spreadsheets and other media. The Battlefield Ransomware delivers its more visible symptoms only after completing this data-locking function.

Malware researchers found the Battlefield Ransomware delivering multiple formats of ransom notes and supplementary content, including:

  • The Battlefield Ransomware may reset your desktop's background for showing its encryption warning, which, currently, is a simple text message on a black background.
  • The Battlefield Ransomware creates a Notepad text file for showing its ransoming instructions, which the victims supposedly use for decoding their media. However, the Trojan asks for the Bitcoin cryptocurrency, which guarantees that the threat actor will not suffer any penalty for accepting payment without rendering any agreed-upon services.
  • Although the Battlefield Ransomware does bundle a decryption component with its payload, malware researchers have yet to ascertain whether or not this feature works as advertised. Victims of this threat should remember to test the compatibility of free decryption software for Hidden Tear variants before resorting to con artist-sponsored services.
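The two observable traits described above, AES-256 output and the appended '.locked' extension, can be turned into a simple defender-side triage check. The following is an added example for this page, not code from the Trojan or from any analysis tool: it flags files that both carry the extension and have ciphertext-like byte entropy, and raises an alert when a large share of a file set looks encrypted. The threshold, the sample file names and their contents are constructed assumptions.

```python
import math
from collections import Counter

# Extension the page reports the Trojan appending to encrypted files.
LOCKED_EXT = ".locked"
# Assumed cut-off (bits per byte); AES output approaches 8.0, plain text is far lower.
ENTROPY_THRESHOLD = 7.5

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())

def classify_files(files: dict) -> dict:
    """files maps a path to its content bytes; returns a verdict per path."""
    verdicts = {}
    for path, content in files.items():
        has_ext = path.lower().endswith(LOCKED_EXT)
        entropy = shannon_entropy(content)
        if has_ext and entropy >= ENTROPY_THRESHOLD:
            verdicts[path] = "likely-encrypted"      # marker plus ciphertext-like bytes
        elif has_ext:
            verdicts[path] = "suspicious-extension"  # marker but readable content
        else:
            verdicts[path] = "clean"
    return verdicts

def triage_directory(files: dict, ratio: float = 0.5) -> bool:
    """True when at least `ratio` of the set looks encrypted (mass-encryption signal)."""
    verdicts = classify_files(files)
    encrypted = sum(1 for v in verdicts.values() if v == "likely-encrypted")
    return len(verdicts) > 0 and encrypted / len(verdicts) >= ratio

# Constructed sample set (not real artifacts). A uniform byte distribution stands in
# for ciphertext; repeated ASCII stands in for ordinary documents.
UNIFORM_BYTES = bytes(range(256)) * 16
SAMPLE_FILES = {
    "report.docx.locked": UNIFORM_BYTES,
    "photo.jpg.locked": UNIFORM_BYTES,
    "notes.txt": b"quarterly numbers\n" * 100,
    "readme.txt.locked": b"hello hello hello " * 200,  # extension only, low entropy
}

if __name__ == "__main__":
    for path, verdict in classify_files(SAMPLE_FILES).items():
        print(f"{path}: {verdict}")
    print("mass-encryption alert:", triage_directory(SAMPLE_FILES))
```

The entropy check matters because a renamed but unencrypted file (the last sample) would otherwise be counted as a loss; a real scan would walk the filesystem and feed file contents into `classify_files` in the same way.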

Bringing Calm to the Battlefield

The Battlefield Ransomware highlights the philosophy of modularity in Trojan development. While its threat actor is exploiting the Hidden Tear family's file-locking capabilities currently, new releases could use a different encryption method or modify the ransoming messages or decryption service without changing the rest of the Battlefield Ransomware's payload. PC users who need to guarantee the long-term safety of their media should avoid depending on decryption solutions for all file-encrypting threats and, instead, store backups on devices not vulnerable to threats like the Battlefield Ransomware.

Although the Trojan's file-blocking feature is entirely functional, malware researchers are unable to confirm any live attacks by the Battlefield Ransomware. Suspected infection methods include spam e-mails, fake download resources (particularly gaming-related torrents) and the currently-prominent RIG Exploit Kit. Most anti-malware products can delete the Battlefield Ransomware by default, without requiring any additional input from the user, or uninstall the Battlefield Ransomware after it attacks the PC.

The number of Trojans emerging from a shared baseline is climbing seemingly indefinitely, which makes identifying these threats somewhat easier than it would otherwise be. However, it also increases the potential for any individual security mistake to result in an infection and ransom demands from Trojans, including the Battlefield Ransomware.
