The Comrade Circle ransomware is a new malware variant that encrypts user files and appends the .comrade file extension to the affected files. The threat generates a unique identifier that is used to set the ransom fee according to the damage impact.
Name | Comrade Circle Ransomware
File Extensions | .comrade
Ransom | 2.04970001 Bitcoins
Solution #1 | Comrade Circle ransomware can be removed easily with the help of an anti-malware tool, a program that will clean your computer from the virus, remove any additional cyber-security threats, and protect you in the future.
Solution #2 | Comrade Circle Ransomware can be removed manually, though it can be very hard for most home users. See the detailed tutorial below.
Distribution | Comrade Circle is distributed using the typical spam email campaigns.
Comrade Circle Ransomware Description
The Comrade Circle ransomware is one of the latest malware threats being distributed by malicious users. What sets it apart from other types is that this ransomware generates a unique identification ID for the victim machine. This ID is used to calculate the ransom fee depending on the scale of impact.
When the ransomware infects a machine, it immediately starts to modify various system settings. It replicates itself under different names in the following locations:
- %Common%
- %Roaming%
- %Temp%
- %AppData%
- %System32%
The malware modifies the Windows configuration and sets itself to launch automatically when the system boots. This is done either by placing the encryption module directly in the %Startup% folder, which is usually located at:
- %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
The other method is to add a custom registry entry for the encryption binary. This is done by modifying these entries:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
The encryption targets these file name extensions:
.PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML .DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX .INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD .SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ .BMP .DDS .GIF .JPG .CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG
The following ransom note is displayed to the user:
——————————-YOU FILES ARE ENCRYPTED by Comrade Circle!—————————————————
—————————————-You personal ID———————————————————————
—————————————————————————————————————————
YOU HAVE 3 OPTIONS!
———————— Option 1 = purchase decrytpion software. (if you need files your files back and have money)————————————-
1. Send donation of 2.04970001 btc to wallet 1HssDyDTZj1hVdwhdpF49wLKLPQoCRJB9T
2. Send an email to [email protected] with you personal id, and you will recieve the decryption software
3. Decrypt you files.
If you dont get answer in 4 hours, or email is blocked by evil anti virus companies:
Register here: http://bitmsg.me, Once you have done that, Write to adress BM-2cTivRoWe5eXdZAt8PqxTJ6tqaQwoaNt6tcontact with you email and personal ID
note1:
If you so evil and dont trust us, you may first give us 1 small file and we will decyrpt it for free as proof that we can decrypt the rest
note2:
Donation volume is unique generated for you (2.04970001) donate exacly same size (not more or less) for fast identification of your donation.
note3:
we are good people that help other people with getting a job and making the world better, 50% of recived payments will go to help poor people, sick chilren, animals and other good things. We only take payment from rich people because poor will join us and become rich.
note4:
After decryption we will give you icon of Stalin that will protect you in future from others proud members of Comrade Circle.
—–Option 2—-(if dont need files and have money)———————————————————————–
If you dont need your files or already restore them, please send us much money as you can
1HssDyDTZj1hVdwhdpF49wLKLPQoCRJB9T
Comrade Circle good people that help poor people getting jobs and do great things, Thanks.
—————– Option 3 join Comrade Circle—(if you dont have money and want help people) ————————-
If you dont have money this is going to be the best day of yourlife.
We here to give you easy job for 5000$-5000000$ (5 million dollars) in mo.We are here to give you a high paying job with unlimited earning potential All you need to do is to join COmrade Circle and help us spread our software.
We will give you 50% of all profits that come from you clients, If you work hard we can rise you % up to 90%.
you invitation code is [redacted], generated special for you.
Our cutting edge software is unique and effective:
simple setup and use.
undetectable by evil av companies.
encrypt big files (more that 2gb)
encrypt all network shares not connected to machine.
work and encrypt fast.
imposible to decrypt without payment.
mimics software update for better protection of data.
no need for administrative rights or UAC.
no need for c&c serevers or online connection.
will always work, because there no c&c servers and there always good people continue support.
Easy to use, created special for people with iq < 70. can be customized on the fly editing only file name. software from good people to good people we not scammers or criminals like others. dont encrypt files in very poor contries(only helping them getting jobs) using it you know that you help people get jobs and help sick chilren and animals,you are making the world a better place. Always developing more great features. To join or club send to bitmessage adress BM-NBt4g1wA13H9sbyHMxcRvBWkd78d8gre your invitation code, BTC wallet for recive payments, and email. and other contact info like jabber if you want. use this template for example: Invitation colde: xxxxxx Bitcoinwallet: xxxxxxxxxxxxxxxxxxxxxxx Bitmessage: xxxxxxxxxxxxxxxxxx Email: [email protected] Othercontact: jabber [email protected] notes: something about you if you want. You will get link for our software, and instruction how to use, basic tutorial how to spread and get $100,000 worth of profits. After you recive first payment we give you jabber for 24/7 support and advanced tutorials how to spread software. Join Comrade Circle and help get world better, get rich and become part of team.
Comrade Circle Ransomware Distribution
Comrade Circle is distributed using the typical spam email campaigns. However, phishing attempts have also been detected on social networks such as LinkedIn, where malicious links to the ransomware are included in the contents of the messages. Other methods include installation through exploit kits, counterfeit software updates, and disguised freeware applications.
Comrade Circle Ransomware Removal
For a faster solution, you can run a scan with an advanced malware removal tool and delete Comrade Circle completely with a few mouse clicks.
STEP I: Start the PC in Safe Mode with Network
This will isolate all files and objects created by the ransomware so they will be removed efficiently.
1) Hit WIN Key + R
2) A Run window will appear. In it, write “msconfig” and then press Enter
3) A Configuration box will appear. In it, choose the tab named “Boot”
4) Mark the “Safe Boot” option and then tick “Network” under it
5) Apply -> OK
Or check our video guide – “How to start PC in Safe Mode with Networking”
STEP II: Show Hidden Files
1) Open My Computer/This PC
2) Windows 7
– Click on the “Organize” button
– Select “Folder and search options”
– Select the “View” tab
– Go under “Hidden files and folders” and mark the “Show hidden files and folders” option
3) Windows 8/10
– Open the “View” tab
– Mark the “Hidden items” option
4) Click “Apply” and then the “OK” button
STEP III: Enter Windows Task Manager and Stop Malicious Processes
1) Hit the following key combination: CTRL+SHIFT+ESC
2) Go to “Processes”
3) When you find a suspicious process, right-click on it and select “Open File Location”
4) Go back to Task Manager and end the malicious process. Right-click on it again and choose “End Process”
5) Next, go to the folder where the malicious file is located and delete it
STEP IV: Completely Remove Comrade Circle Ransomware Using SpyHunter Anti-Malware Tool
SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly.
STEP V: Repair Windows Registry
1) Press the Windows Button + R key combination again
2) In the box, write “regedit” (without the inverted commas) and hit Enter
3) Press CTRL+F and then write the malicious name in the search field to locate the malicious executable
4) If you discover registry keys and values related to the name, delete them, but be careful not to delete legitimate keys
Further help for Windows Registry repair
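The Startup folders and Run/RunOnce keys named in the description, which STEP V searches by hand, can also be listed in one read-only pass; the PowerShell below is an added example, not part of the original guide or any vendor tool. The folders used for flagging (%TEMP%, %APPDATA%, %LOCALAPPDATA%) and the list of executable extensions are assumptions standing in for the drop locations the guide names.

```powershell
# Added example: read-only audit of the autostart locations named in this guide.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Assumption: user-writable folders standing in for the guide's drop locations.
# System32 is left out because legitimate autoruns start from there as well.
$dropDirs = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA) | Where-Object { $_ }
# Assumption: file types treated as directly executable in a Startup folder.
$execExt = @('.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.js', '.vbs', '.wsf')

function Test-DropLocation([string]$Command) {
    # Expand %VAR% references so values written with variables still match.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    foreach ($dir in $dropDirs) {
        $prefix = $dir.TrimEnd('\') + '\'
        if ($expanded.IndexOf($prefix, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            return $true
        }
    }
    return $false
}

$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $value = [string]$regKey.GetValue($name)
        [pscustomobject]@{ Source = $key; Name = $name; Command = $value
                           Flagged = (Test-DropLocation $value) }
    }
})

# Per-machine and per-user Startup folders; -Force includes hidden files.
$startupDirs = 'CommonStartup', 'Startup' |
    ForEach-Object { [Environment]::GetFolderPath($_) } | Where-Object { $_ }
$entries += @(foreach ($dir in $startupDirs) {
    Get-ChildItem -Path $dir -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName
                               Flagged = ($execExt -contains $_.Extension.ToLower()) }
        }
})

# Flagged entries first; review each before removing anything by hand.
$entries | Sort-Object Flagged -Descending | Format-Table -AutoSize -Wrap
```

A flag only marks an entry for review: legitimate software also starts from per-user folders, and shortcuts in a Startup folder need their targets checked separately.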
STEP VI: Recover Encrypted Files
1) Use existing backups
2) Restore your personal files using File History
– Hit WIN Key
– Type “restore your files” in the search box
– Select “Restore your files with File History”
– Choose a folder or type the name of the file in the search bar
– Hit the “Restore” button
3) Using System Restore Point
– Hit WIN Key
– Select “Open System Restore” and follow the steps
STEP VII: Preventive Security Measures
1) Enable and properly configure your Firewall.
2) Install and maintain reliable anti-malware software.
3) Secure your web browser.
4) Check regularly for available software updates and apply them.
5) Disable macros in Office documents.
6) Use strong passwords.
7) Don’t open attachments or click on links unless you’re certain they’re safe.
8) Back up your data regularly.