Comrade Circle Virus – Remove and Decrypt .encrypted4 Files

This article aims to inform about Comrade Circle ransomware and help to remove it completely and decrypt files encrypted by the virus for free.

A ransomware virus, known from previous versions as Comrade Circle, has reappeared once more to encrypt the files of compromised users and demand that victims contact the attackers by e-mail. The virus also has a Bitmessage contact address, through which victims are most likely extorted to pay a hefty ransom fee in Bitcoin. In case you have become a victim of Comrade Circle ransomware, we strongly advise you to remove the ransomware from your computer and read our article to learn how to decode your files without paying a dollar.

Threat Summary

Name: Comrade Circle
Short Description: The ransomware encrypts files with an AES-256 cipher and asks a ransom payoff of approximately 1.0068 BTC for decryption.
Symptoms: Files are encrypted and become inaccessible, possibly with the .encrypted4 file extension appended to them. A ransom note with instructions for paying the ransom appears as a RESTORE-FILES!{custom ID}.hta file.
Distribution Method: Spam Emails, Email Attachments, File Sharing Networks.
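The two file-system indicators in the summary (the appended .encrypted4 extension and the RESTORE-FILES!{custom ID}.hta note) are enough for a quick triage scan of a suspect machine or share. The following script is an added example written for this article, not code from the original page or from any vendor tool; the format of the custom ID is not described here, so the note pattern accepts any non-space run, and the sample directory tree it builds is constructed for the demonstration.

```python
import os
import re
import tempfile
from collections import Counter

# Indicators taken from the threat summary above.
ENCRYPTED_EXT = ".encrypted4"
# Ransom note name: RESTORE-FILES!{custom ID}.hta. The ID format is not given
# on the page, so any run of non-space characters is accepted (assumption).
NOTE_RE = re.compile(r"^RESTORE-FILES!(?P<id>\S+)\.hta$", re.IGNORECASE)


def scan_tree(root):
    """Walk `root` and collect Comrade Circle indicators.

    Returns the encrypted files found, the ransom notes found (path -> custom
    ID) and a per-directory count of encrypted files, which helps triage
    which folders or shares were reached before the process was stopped.
    """
    encrypted = []
    notes = {}
    per_dir = Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_EXT):
                encrypted.append(path)
                per_dir[dirpath] += 1
                continue
            m = NOTE_RE.match(name)
            if m:
                notes[path] = m.group("id")
    return {"encrypted": sorted(encrypted), "notes": notes, "per_dir": dict(per_dir)}


def original_name(path):
    """Strip the appended extension to recover the pre-encryption file name."""
    return path[:-len(ENCRYPTED_EXT)] if path.lower().endswith(ENCRYPTED_EXT) else path


def build_sample_tree():
    """Constructed sample tree (not a real infection) for an offline run."""
    root = tempfile.mkdtemp(prefix="cc_sample_")
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    for name in ("report.docx.encrypted4", "photo.jpg.encrypted4", "RESTORE-FILES!ABC123.hta"):
        open(os.path.join(docs, name), "w").close()
    open(os.path.join(root, "untouched.txt"), "w").close()
    return root


if __name__ == "__main__":
    result = scan_tree(build_sample_tree())
    print(len(result["encrypted"]), "encrypted files; note IDs:", list(result["notes"].values()))
```

Point `scan_tree` at a user profile or mapped share to get a per-folder picture of the damage before attempting decryption.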

Comrade Circle Virus – How Does It Infect

For the virus to cause a massive infection, the cyber-criminals need spamming software. Such software sends automated spam e-mails that carry the malicious files of Comrade Circle as e-mail attachments. Most e-mail spamming kits include:

  • Open access to ports for spamming.
  • Delivering, extracting and uploading of shells.
  • A fake webmail database.
  • Mail templates that have been previously tested and have not been blocked or blacklisted by any spam filters.
  • A pre-set list of victims waiting to be spammed.
  • Fake domains from which to spam.
  • Bank accounts that can be controlled online.
  • E-mail templates imitating legitimate providers, like PayPal, FedEx, Newegg, Skype, AliBaba, AliExpress, UPS, DHL, Macy's, Apple, Overstock, Skrill, CraigsList, Walmart, etc.

So the bottom line: what cyber-criminals need nowadays is a completely synchronized system of bank accounts, servers and legitimate-looking e-mails that will not be detected even when combined with spam bots, known as mailers. All of this results in a successful infection by viruses such as Comrade Circle.

Comrade Circle Ransomware – More Details On The Attack

As soon as the unsuspecting user either clicks on a malicious URL or opens an attachment, the malware begins to heavily modify Windows Registry settings and injects malicious code into legitimate Windows processes. This results in a fake Windows Update screen appearing, as reported by Karsten Hahn.

What is very specific about Comrade Circle is that it uses communist propaganda images to threaten the user in an amusing manner, calling him “comrade” in its previous variant. The virus also sets a thematic wallpaper:

After encryption, the encoded files may appear like the following:

But what is also interesting is that the virus may offer the victim to become part of the “comrade circle”, with an offer similar to the previous version:

“To join or club send to bitmessage adress BM-NBt4g1wA13H9sbyHMxcRvBWkd78d8gre your invitation code, BTC wallet for recive payments, and email. and other contact info like jabber if you want. use this template for example: Invitation colde: xxxxxx Bitcoinwallet: xxxxxxxxxxxxxxxxxxxxxxx Bitmessage: xxxxxxxxxxxxxxxxxx Email: xxxx@xx.xx Othercontact: jabber xxxxxx@xxxx.xx notes: something about you if you want. You will get link for our software, and instruction how to use, basic tutorial how to spread and get $100,000 worth of profits.”

This very cunning strategy is likely another method of spreading the virus, via an affiliate scheme, the same scheme Cerber ransomware affiliates use, which puts Comrade Circle in the group of the most devastating ransomware viruses ever created.

Decrypt Files Encrypted by Comrade Circle Virus

However, as dangerous as it may sound, the Comrade Circle virus is actually a variant of Globe ransomware, which luckily is easily decryptable thanks to malware researchers at TrendMicro and Kaspersky. For full instructions on how to remove Comrade Circle safely and decrypt your files, in case they have been encrypted by this variant of the virus, please see the related article below.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having also graduated in Marketing, Ventsislav has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
