The Comrade Circle ransomware is a new malware variant that encrypts user files and appends the .comrade file extension to the affected files. The threat generates a unique identifier that sums the ransomware payment see according to the damage impact.
| Name | Comrade Circle Ransomware |
| File Extensions | .comrade |
| Ransom | 2.04970001 Bitcoins |
| Solution #1 | Comrade Circle ransomware can be removed easily with the help of an anti-malware tool, a program that will clean your computer from the virus, remove any additional cyber-security threats, and protect you in the future. |
| Solution #2 | Comrade Circle Ransomware can be removed manually, though it can be very hard for most home users. See the detailed tutorial below. |
| Distribution | Comrade Circle is distributed using the typical spam email campaigns. |
Comrade Circle Ransomware Description
The Comrade Circle ransomware is one of the latest malware threats that are being distributed by malicious users. The interesting thing that sets it apart from other types is that this ransomware generates a unique identification ID of the victim machine. This is used to calculate the ransom see depending on the scale of impact.
When the ransomware infects the user it immediately starts to modify various system settings. it replicates itself using different names in the following locations:
- %Common%
- %Roaming%
- %Temp%
- %AppData%
- %System32%
The malware modifies the Windows configuration and sets itself to auto launch when the sysetm boots up. This is done either by placing the encryption module directly in the %Startup% folder which is usually located in the following location:
- %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
The other method is to add a custom registry entry for the encryption binary. This is done by modifying these entries:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
The encryption targets these file name extensions:
PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML. DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX ..INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG ..CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG
The following ransom note is displayed to the user:
——————————-YOU FILES ARE ENCRYPTED by Comrade Circle!—————————————————
—————————————-You personal ID———————————————————————
—————————————————————————————————————————
YOU HAVE 3 OPTIONS!
———————— Option 1 = purchase decrytpion software. (if you need files your files back and have money)————————————-
1. Send donation of 2.04970001 btc to wallet 1HssDyDTZj1hVdwhdpF49wLKLPQoCRJB9T
2. Send an email to [email protected] with you personal id, and you will recieve the decryption software
3. Decrypt you files.
If you dont get answer in 4 hours, or email is blocked by evil anti virus companies:
Register here: http://bitmsg.me, Once you have done that, Write to adress BM-2cTivRoWe5eXdZAt8PqxTJ6tqaQwoaNt6tcontact with you email and personal ID
note1:
If you so evil and dont trust us, you may first give us 1 small file and we will decyrpt it for free as proof that we can decrypt the rest
note2:
Donation volume is unique generated for you (2.04970001) donate exacly same size (not more or less) for fast identification of your donation.
note3:
we are good people that help other people with getting a job and making the world better, 50% of recived payments will go to help poor people, sick chilren, animals and other good things. We only take payment from rich people because poor will join us and become rich.
note4:
After decryption we will give you icon of Stalin that will protect you in future from others proud members of Comrade Circle.
—–Option 2—-(if dont need files and have money)———————————————————————–
If you dont need your files or already restore them, please send us much money as you can
1HssDyDTZj1hVdwhdpF49wLKLPQoCRJB9T
Comrade Circle good people that help poor people getting jobs and do great things, Thanks.
—————– Option 3 join Comrade Circle—(if you dont have money and want help people) ————————-
If you dont have money this is going to be the best day of yourlife.
We here to give you easy job for 5000$-5000000$ (5 million dollars) in mo.We are here to give you a high paying job with unlimited earning potential All you need to do is to join COmrade Circle and help us spread our software.
We will give you 50% of all profits that come from you clients, If you work hard we can rise you % up to 90%.
you invitation code is [redacted], generated special for you.
Our cutting edge software is unique and effective:
simple setup and use.
undetectable by evil av companies.
encrypt big files (more that 2gb)
encrypt all network shares not connected to machine.
work and encrypt fast.
imposible to decrypt without payment.
mimics software update for better protection of data.
no need for administrative rights or UAC.
no need for c&c serevers or online connection.
will always work, because there no c&c servers and there always good people continue support.
Easy to use, created special for people with iq < 70. can be customized on the fly editing only file name. software from good people to good people we not scammers or criminals like others. dont encrypt files in very poor contries(only helping them getting jobs) using it you know that you help people get jobs and help sick chilren and animals,you are making the world a better place. Always developing more great features. To join or club send to bitmessage adress BM-NBt4g1wA13H9sbyHMxcRvBWkd78d8gre your invitation code, BTC wallet for recive payments, and email. and other contact info like jabber if you want. use this template for example: Invitation colde: xxxxxx Bitcoinwallet: xxxxxxxxxxxxxxxxxxxxxxx Bitmessage: xxxxxxxxxxxxxxxxxx Email: [email protected] Othercontact: jabber [email protected] notes: something about you if you want. You will get link for our software, and instruction how to use, basic tutorial how to spread and get $100,000 worth of profits. After you recive first payment we give you jabber for 24/7 support and advanced tutorials how to spread software. Join Comrade Circle and help get world better, get rich and become part of team.
Comrade Circle Ransomware Distribution
Comrade Circle is distributed using the typical spam email campaigns. However phishing attempts have also been detected on social networks such as LinkedIn where the malicious links to the ransomware are included in the contents of the messages. Other methods include installation through exploits via exploit kits and counterfeit software updates or disguised freeware applications.
Comrade Circle Ransomware Removal
For a faster solution, you can run a scan with an advanced malware removal tool and delete Comrade Circle completely with a few mouse clicks.
STEP I: Start the PC in Safe Mode with Network
This will isolate all files and objects created by the ransomware so they will be removed efficiently.
- 1) Hit WIN Key + R
- 2) A Run window will appear. In it, write “msconfig” and then press Enter
3) A Configuration box shall appear. In it Choose the tab named “Boot”
4) Mark “Safe Boot” option and then go to “Network” under it to tick it too
5) Apply -> OK
Or check our video guide – “How to start PC in Safe Mode with Networking”
STEP II: Show Hidden Files
- 1) Open My Computer/This PC
2) Windows 7
- – Click on “Organize” button
– Select “Folder and search options”
– Select the “View” tab
– Go under “Hidden files and folders” and mark “Show hidden files and folders” option
3) Windows 8/ 10
- – Open “View” tab
– Mark “Hidden items” option
4) Click “Apply” and then “OK” button
STEP III: Enter Windows Task Manager and Stop Malicious Processes
- 1) Hit the following key combination: CTRL+SHIFT+ESC
2) Get over to “Processes”
3) When you find suspicious process right click on it and select “Open File Location”
4) Go back to Task Manager and end the malicious process. Right click on it again and choose “End Process”
5) Next you should go folder where the malicious file is located and delete it
STEP IV: Remove Completely Comrade Circle Ransomware Using SpyHunter Anti-Malware Tool
SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter
STEP V: Repair Windows Registry
- 1) Again type simultaneously the Windows Button + R key combination
2) In the box, write “regedit”(without the inverted commas) and hit Enter
3) Type the CTRL+F and then write the malicious name in the search type field to locate the malicious executable
4) In case you have discovered registry keys and values related to the name, you should delete them, but be careful not to delete legitimate keys
Further help for Windows Registry repair
STEP VI: Recover Encrypted Files
- 1) Use present backups
2) Restore your personal files using File History
- – Hit WIN Key
– Type “restore your files” in the search box
– Select “Restore your files with File History”
– Choose a folder or type the name of the file in the search bar
- – Hit the “Restore” button
3) Using System Restore Point
- – Hit WIN Key
– Select “Open System Restore” and follow the steps
STEP VII: Preventive Security Measures
- 1) Enable and properly configure your Firewall.
2) Install and maintain reliable anti-malware software.
3) Secure your web browser.
4) Check regularly for available software updates and apply them.
5) Disable macros in Office documents.
6) Use strong passwords.
7) Don’t open attachments or click on links unless you’re certain they’re safe.
8) Backup regularly your data.
SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter
