Comrade HT Ransomware – How to Remove + Restore .comrade Files

Comrade HT Ransomware – How to Remove + Restore .comrade Files

This article has been created in order to help you by showing how to remove Comrade HT ransomware and how to try and restore .comrade encrypted files without having to pay the ransom.

New ransomware virus has been reported to possibly be related to the Comrade variants. The virus is themed accordingly and is named Comrade HT. This ransomware is just like any other crypto nightmare – it uses AES encryption algorithm to get the files of it’s victims to seem corrupt and broken. Then, the virus claims it can unlock the files it has encrypted if you pay $480 usd in BTC to get the files decrypted once again. If you have become a victim of Comrade HT ransomware, recommendations are to read the following article in order to learn how to remove Comrade HT ransomware and restore .comrade encrypted files.

Threat Summary

NameComrade HT
TypeRansomware, Cryptovirus
Short DescriptionEncrpts the files on your computer and then demands a ransom payoff to decrypt them of $480.
SymptomsFiles are encrypted with .comrade extension added and a ransom note DECRYPT_FILES.txt is also dropped.
Distribution MethodSpam Emails, Email Attachments, Executable files
Detection Tool See If Your System Has Been Affected by Comrade HT


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss Comrade HT.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

Comrade HT Ransomware – Distribution Methods

In order for this virus to infect the maximum amount of users, it may be spread via more than one distribution techniques. The main of those used may be via malicious e-mail spam messages, also known as malspam. To do this, the cyber-criminals use convincing messages in order to trick victims into either clicking on buttons that download the malicious file or downloading the file as an e-mail attachment, that they believe is a legitimate document. Such e-mails may contain messages within them that aim to convince you that the attachment is an important document, like invoice, receipt, payment letter and other types of documents, for example:

In addition to this, the Comrade HT ransomware may also be concealed as a fake program setup, fake key generator or other fraudulent type of software.

Comrade HT Ransomware – More Information

As soon as your computer has been infected by Comrade HT ransomware, the virus immediately begins to perform various different activities on your computer, starting with dropping multiple malicious files in the following Windows directories:

  • %AppData%
  • %Local%
  • %Temp%
  • %Roaming%
  • %LocalLow%

As soon as the malicous files belonging to Comrade HT ransomware have been dropped on the victim’s computer, the virus may immediately begin to delete the shadow volume copies on your PC. This happens after the Comrade HT malware runs a command as an administrator on your computer system:

→ process call create “cmd.exe /c
vssadmin.exe delete shadows /all /quiet
bcdedit.exe /set {default} recoveryenabled no
bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures

In addition to deleting the shadow volume copies on your computer, the Comrade HT ransomware also aims to modify some of the Windows registry sub-keys in the Registry Editor, by creating values with custom data in them. The attacked sub-keys may be the following:

→ HKEY_CURRENT_USER\Control Panel\Desktop\
HKEY_USERS\.DEFAULT\Control Panel\Desktop\

After this has happened, the virus also drops a ransom note to notify the victim of the infected PC of the situation. The note is named DECRYPT_FILES.txt and has the following contents:

All your files has been encrypted!
How do I get my files back?
Send $480 worth of Bitcoin to: 1NwlqXBqV2CBUZ53aLyzD71XkzDYc6bXe5
and send a email to
If you don’t pay us within 24 hours, we will be forced to delete your decryption key.
If you turn off your pc, your files will automatically be encrypted again,
When you next boot.
Making it harder for you to decrypt your files.
Signed, Comrade.

Similar to the Comrade Cirle ransomware variants, this virus may also use socialist propaganda wallpapers in order to mock the victim.

Comrade HT Ransomware Encryption – Process

When Comrade HT ransomware encrypts your files, the virus will append the .comrade file extension to the encrypted files, making them appear like the following after the encryption process is complete:


In addition to this, Comrade HT ransomware does not encrypt just any file. The firus scans your computer for only specific file types, while being very careful not to encrypt system files in Windows. Usually, the most often targeted file types by Comrade HT ransomware are:

  • Pictures.
  • Documents.
  • Audio files.
  • Videos.
  • Archives.
  • Often used file types.

Remove Comrade HT Ransomware and Restore .comrade Files

In order to remove this virus, recommendations are to firstly remove all of the files associated with it and all of the registries. You can try to hunt down for the files manually after shutting down your internet connection by following the manual instructions below. However, since Comrade HT ransomware may also encrypt your files further if you try to tamper with it, experts advise removing the virus automatically by downloading an advanced anti-malware tool which will take care of the removal for you. Be advised that it is not reccomended to restart your PC after an infection with the Comrade HT ransomware.

If you want to restore the encrypted files of this virus, it is strongly advisable to try the alternative methods for file recovery below. They are specifically designed to help you restore you encrypted files via the alternative methods for file recovery below in step “2. Restore files encrypted by Comrade HT”.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share