
Comrade Circle Virus – Remove and Decrypt .encrypted4 Files

This article describes the Comrade Circle ransomware and explains how to remove it completely and decrypt the files it has encrypted for free.

A ransomware virus, known from previous versions as Comrade Circle, has reappeared to encrypt the files of compromised users and demand that victims contact the e-mail address fixfilex@protonmail.ch. The virus also has a Bitmessage contact address through which victims are most likely extorted to pay a hefty ransom in Bitcoin. If you have become a victim of Comrade Circle ransomware, we strongly advise you to remove the ransomware from your computer and read our article to learn how to decode your files without paying a dollar.

Threat Summary

Name: Comrade Circle
Type: Ransomware
Short Description: The ransomware encrypts files with an AES-256 cipher and demands a ransom of approximately 1.0068 BTC for decryption.
Symptoms: Files are encrypted and become inaccessible, possibly with the .encrypted4 file extension appended. A ransom note with instructions for paying the ransom appears as a RESTORE-FILES!{custom ID}.hta file.
Distribution Method: Spam Emails, Email Attachments, File Sharing Networks.
Detection Tool: See If Your System Has Been Affected by Comrade Circle


User Experience: Join our forum to discuss Comrade Circle ransomware.
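The two file-system indicators listed in the threat summary (the appended .encrypted4 extension and the RESTORE-FILES!{custom ID}.hta ransom note) are enough to scope an infection before any decryption is attempted. The following script is an added example written for this article, not code from SensorsTechForum or from any decryption tool: it walks a directory tree, collects encrypted files and ransom notes, extracts the custom ID from each note's filename, and recovers the original filename by stripping the appended extension. The sample directory tree, the file names and the ID "A1B2C3" are constructed for the demonstration; the script reads nothing beyond the tree it builds itself and does not decrypt anything.

```python
import os
import re
import tempfile
from pathlib import Path

# Indicators from the threat summary: the appended extension and the
# ransom-note filename pattern RESTORE-FILES!{custom ID}.hta.
ENCRYPTED_EXT = ".encrypted4"
NOTE_PATTERN = re.compile(r"^RESTORE-FILES!(?P<id>[^.]+)\.hta$", re.IGNORECASE)


def scan_for_comrade_circle(root):
    """Walk `root` and collect indicators of a Comrade Circle infection.

    Returns the encrypted files, the ransom notes, the custom IDs parsed
    from the note filenames, and the directories that hold at least one
    encrypted file (useful for scoping a restore from backup).
    """
    encrypted, notes, ids, dirs = [], [], set(), set()
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_EXT):
                encrypted.append(path)
                dirs.add(dirpath)
                continue
            match = NOTE_PATTERN.match(name)
            if match:
                notes.append(path)
                ids.add(match.group("id"))
    return {
        "encrypted_files": sorted(encrypted),
        "ransom_notes": sorted(notes),
        "custom_ids": sorted(ids),
        "affected_dirs": sorted(dirs),
    }


def original_name(path):
    """Strip the appended extension to recover the pre-encryption filename."""
    name = os.path.basename(path)
    if name.lower().endswith(ENCRYPTED_EXT):
        return name[: -len(ENCRYPTED_EXT)]
    return name


def build_sample_tree(root):
    """Create a constructed tree that mimics an infected user profile.
    File names and the ID 'A1B2C3' are invented for this example."""
    docs = Path(root, "Documents")
    docs.mkdir(parents=True)
    (docs / "report.docx.encrypted4").write_bytes(b"\x00" * 16)
    (docs / "budget.xlsx.encrypted4").write_bytes(b"\x00" * 16)
    (docs / "RESTORE-FILES!A1B2C3.hta").write_text("<html>pay</html>")
    pics = Path(root, "Pictures")
    pics.mkdir()
    (pics / "holiday.jpg").write_bytes(b"\xff\xd8")  # untouched file
    (pics / "RESTORE-FILES!A1B2C3.hta").write_text("<html>pay</html>")


def demo():
    """Build the constructed tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_for_comrade_circle(tmp)


if __name__ == "__main__":
    result = demo()
    print(f"{len(result['encrypted_files'])} encrypted files, "
          f"{len(result['ransom_notes'])} ransom notes, "
          f"IDs: {result['custom_ids']}")
    for f in result["encrypted_files"]:
        print(f"  {f} -> {original_name(f)}")
```

Point `scan_for_comrade_circle` at a user profile or a mounted disk image to get the list of affected directories and the custom ID to hand to a decryption tool; the scan is read-only, so it can be run on a forensic copy before anything is changed.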

Comrade Circle Virus – How Does It Infect

To cause a mass infection, the cyber-criminals need spamming software. Such software automatically sends spam e-mails that carry the malicious files of Comrade Circle as attachments. Most e-mail spamming kits include:

  • Open access to ports for spamming.
  • Delivering, extracting and uploading of shells.
  • Fake webmail database.
  • Mails that have been previously tested and haven’t been blocked or blacklisted in any spam filters.
  • A pre-set list of victims waiting to be spammed.
  • Fake domains from which to spam.
  • Banking accounts that can be controlled online.
  • E-mail templates impersonating legitimate senders, like PayPal, FedEx, Newegg, Skype, AliBaba, AliExpress, UPS, DHL, Macys, Apple, Overstock, Skrill, CraigsList, Walmart, etc.

The bottom line is that cyber-criminals nowadays need a fully synchronized system of bank accounts, servers and legitimate e-mail addresses that will not be detected even when combined with spam bots, known as mailers. All of this is aimed at a successful infection by viruses such as Comrade Circle.

Comrade Circle Ransomware – More Details On The Attack

As soon as the unsuspecting user either clicks on a malicious URL or opens an attachment, the malware begins to heavily modify Windows Registry settings and inject malicious code into legitimate Windows processes. This results in a Windows Update screen appearing, as reported by Karsten Hahn.

What is very specific about Comrade Circle is that it uses communist propaganda images to threaten the user in an amusing manner, calling them “comrade” in its previous variant. The virus also sets a thematic wallpaper:

After encryption, the encoded files may appear like the following:

Also interesting is that the virus may offer the victim a chance to become part of the “comrade circle”, with an offer similar to the one in the previous version:

“To join or club send to bitmessage adress BM-NBt4g1wA13H9sbyHMxcRvBWkd78d8gre your invitation code, BTC wallet for recive payments, and email. and other contact info like jabber if you want. use this template for example: Invitation colde: xxxxxx Bitcoinwallet: xxxxxxxxxxxxxxxxxxxxxxx Bitmessage: xxxxxxxxxxxxxxxxxx Email: xxxx@xx.xx Othercontact: jabber xxxxxx@xxxx.xx notes: something about you if you want. You will get link for our software, and instruction how to use, basic tutorial how to spread and get $100,000 worth of profits.”

This cunning strategy is likely another method of spreading the virus, via an affiliate scheme, the same scheme that Cerber ransomware affiliates use and that has placed Cerber among the most devastating ransomware viruses ever created.

Decrypt Files Encrypted by Comrade Circle Virus

However, as dangerous as it may sound, the Comrade Circle virus is actually a variant of Globe ransomware, which fortunately is easily decryptable, thanks to malware researchers at Trend Micro and Kaspersky. For the full instructions on how to remove Comrade Circle safely and decrypt your files in case they have been encrypted by this variant of the virus, please visit the related article below.

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
