Hey you,
BE IN THE KNOW!

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:


Remove Comrade Circle Ransomware and Restore .comrade Files

comrade-circle-ransomware-fake-icon-stalin-sensorstechforum-source-newslanc-comRESTORE-FILES!_{ID}_.txt – this is what users who have been affected by Comrade Circle ransomware see after their files have been encrypted with an added .comrade file extension to them. The Comrade Circle virus does not waste any time In explaining what type of encryption it uses and what is encryption but gets down straight to the point. It also generates a unique amount of payment the affected user must pay which is somewhere around 2 BTC (BitCoins) to restore access to the encrypted files by this nasty cyber-threat. What is more, cyber-criminals interestingly enough claim half the profits will go to noble causes. Anyone who has been infected with this nasty malware, should not pay any ransom payment to cyber-criminals and instead, wait for a free decryptor to be released in the future. In the meantime, we advise you to follow the instructions after this article to remove Comrade Circle from your device and try alternative methods to restore your files.

Threat Summary

NameComrade Circle
TypeRansomware
Short DescriptionThe ransomware encrypts files with a strong cipher and asks a ransom payoff of approximately 2 BTC for decryption.
SymptomsFiles are encrypted and become inaccessible with an added .comrade file extension to them. A ransom note with instructions for paying the ransom shows as a RESTORE-FILES!{custom ID}.txt file.
Distribution MethodSpam Emails, Email Attachments, File Sharing Networks.
Detection Tool See If Your System Has Been Affected by Comrade Circle

Download

Malware Removal Tool

User ExperienceJoin our forum to Discuss Comrade Cirle Ransomware.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

Comrade Circle Ransomware – Spreading Technique

For it to be successful whist infecting user PCs’ Comrade Circle may use the conventional tested spreading methods most ransomware viruses tend to use – massive spam of phishing e-mails. For those uninformed, phishing e-mails tend to resemble legitimate e-mail addresses to get users to click on them. Example is the below-mentioned fake LinkedIn invitation containing a malicious web link.

fake-linked-in-e-mail

Once the malicious web link or in some cases e-mail attachment, is opened it may cause the infection via an exploit kit, such as the Rig EK, for example. Such kits are very expensive because they locate weaknesses and bugs in Windows only to exploit them and infect the victim’s computer.

However, this may not be the only method of distribution Comrade Circle may use – the virus may also replicate via online file sharing services and software, like dropbox and social media as well. It may also be disguised as fake Adobe Flash Player update or a fake setup of a program that may be uploaded on a shady websites which displays results based on what you “googled” for (download free torrent of someting, etc.).

Comrade Circle Ransomware – More Information About It

As soon as Comrade Circle has been installed on your computer, the malware may immediately begin to modify it. For starters, one or more files may be dropped under different names in the following Windows folders;

  • %Common%
  • %Roaming%
  • %Temp%
  • %AppData%
  • %System32%
  • %UserProfile%

As soon as this is completed the Comrade Circle ransomware has to set up it’s auto launch. This can happen in two ways. One is do drop the file-encryption module directly on the %Startup% folder of Windows which is usually located in:

%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup

The other technique which may be used by Comrade Circle ransomware may be to add custom registry entries for the malicious executable that encrypts files. The usual targeted registry entries are the following:

“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce”

After this has been performed and the encrypter of Comrade Circle ransomware runs, the following files may be encrypted and no longer openable, unless a decryption key is used to unlock them:

→“PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML. DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX ..INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG ..CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG” Source:fileinfo.com

After the files are encrypted the Comrade Circle ransomware virus drops a ransom note that is named “RESTORE-FILES!{ID}.txt” where ID is the unique identification number of the infected computer. Malware researcher Demonslay335 has identified the ransom note to have the following content:

YOU FILES ARE ENCRYPTED by Comrade Circle! - ransom note

The strategy of the cyber-criminals is very clear when it comes to motivating users that have been affected by it. They not only claim that they will give profits to the poor but they also directly advertise their RaaS (ransomware as a service) scheme openly to the ransomware’s victims. This is a very unique strategy and it may actually be successful for them in the future. This is due to the fact that most victims may become cyber-criminals themselves out of desperation and begin to cause infections in multiple different distribution methods, even targeted attack. However, malware researchers strongly advise against following the demands in the ransom note, primarily because any cooperation with cyber-criminals is considered to be illegal and punishable by law. Also, it is no guarantee you will profit and that you will make any money by spreading the malware further and the cyber-criminals may not keep their word at all.

Not only this, but once a ransom is paid, the crooks have even developed a mechanism to keep the infected computer safe from further infections by giving the victim an icon of Stalin that will prevent re-infection by the Comrade Circle cyber-threat(at least according to the ransom note).

Comrade Circle Ransomware – Conclusion, Removal and File Restoration

The bottom line is that Comrade Circle is a very unique threat that aims to spread very quickly and it is not to be underestimated at all. Even though the promises in it’s ransom note may turn tempting, we strongly suggest against any type of cooperation with the cyber-criminals or paying the ransom money. Instead, advices are to immediately remove this ransomware virus and restore your files after they have been encrypted by it.

To remove Comrade Circle crypto-virus, we strongly advise you to follow our removal instructions that are illustrated below. They are methodologically arranged to help locate the files of Comrade Circle as and delete them. If you are having difficulties locating the malware-related objects manually, malware researchers always recommend scanning the computer automatically for Comrade Circle ransomware and removing every related object with advanced anti-malware software.

To attempt and decipher your files in case they have been affected by Comrade Circle, it is strongly suggested to avoid direct decryption with other tools, because similar to other devastating ransomware the virus might break the files permanently if it has CBC mode enabled during encryption. Having explained that, you may attempt the alternative file restoration methods in step “2. Restore files encrypted by Comrade Circle” below at your own risk and with no guarantee.

Manually delete Comrade Circle from your computer

Note! Substantial notification about the Comrade Circle threat: Manual removal of Comrade Circle requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove Comrade Circle files and objects
2.Find malicious files created by Comrade Circle on your PC

Automatically remove Comrade Circle by downloading an advanced anti-malware program

1. Remove Comrade Circle with SpyHunter Anti-Malware Tool and back up your data
2. Restore files encrypted by Comrade Circle
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.