Remove Comrade Circle Ransomware and Restore Files

How to Remove Comrade Circle Ransomware?

Readers recently started to report the following message being displayed when they boot their computer:

    YOU FILES ARE ENCRYPTED BY Comrade Circle!

Your personal ID

[The unique identification number here]

YOU HAVE 3 OPTIONS!


After the advent of the Hitler Ransomware, it comes as no surprise that Stalin gets involved too. At some point hackers will run out of dictators to name their parasites after. Until then, we will have to tackle some really bizarre infections. The Comrade Circle Ransomware was discovered just a couple of days ago, so some details about the way it works are still unknown. For instance, we still don't know which cipher it uses (RSA, AES or a combination of the two is typical for this class of malware). What we do know is that Comrade Circle is a particularly odd parasite, and that it differs from most file-encrypting viruses out there.

The ransomware's executable is named 1.exe and is dropped in the %TEMP% folder. Once installed, Comrade Circle plays a trick on you: just like the infamous Phantom Ransomware, it displays a fake Windows Update screen, so you are led to believe nothing is wrong while, behind that screen, the ransomware is encrypting your files. How can you tell whether the blue screen is real? Look at the wording. The parasite's bogus message claims it is "Configuring critical Windows Updates". The genuine screen Windows shows while installing updates reads "Configuring Windows updates" (or "Working on updates" on newer releases) and does not insert the word "critical" there; Microsoft does rate some patches as critical, but that label lives in update catalogs and security bulletins, not on the full-screen progress display. A second tell: the real screen only appears during shutdown or startup, not in the middle of a working session.

While the deceptive screen is up, your personal data gets locked. Comrade Circle encrypts the files and renames them, appending the .comrade extension; seeing that extension means the file is no longer accessible and the parasite holds it hostage. Pictures, music, MS Office documents, videos: all of it falls victim, and the content is turned into unreadable gibberish. File-encrypting infections are on the rise at the moment, so the Web is full of ransomware.

This parasite's most interesting tricks are only getting started, though. According to its ransom notes, you have to pay a certain amount of money to restore your files. Furthermore: "If you do not need your files or already restore them, please send us as much money as you can. Comrade Circle good people that help poor people getting jobs and great things, thanks." This has to be the most original ransom message we've ever stumbled across. It doesn't change the fact that crooks are trying to blackmail you.

How did I get infected?

Spam messages and emails, cracked or illegitimate software, torrents, fake program updates: it's quite a long list of infiltration techniques for hackers to choose from. Always keep in mind how virulent some programs are. Do not rush to open what you receive in your inbox, and pay attention online. Ransomware might pose as a job application or as an email from a shipping company. Delete emails you don't trust and stay away from spam attachments; one click can set free a vicious and aggressive intruder. Some infections also travel the Web via exploit kits or are dropped by Trojans already present on the machine. Long story short, there are endless ways for crooks to compromise your PC. Be cautious online, because protecting your safety is your job.


Why is Comrade Circle dangerous?

The virus drops a RESTORE-FILES[random symbols].txt note into every folder that contains encrypted data, which, as you can imagine, is a lot of folders. The crooks promise a unique decryptor in exchange for 2 Bitcoins, roughly 1230 USD at the time of writing. Do you think this is a fair deal? They even provide an email address (recoverfiles@mail2tor.com) for you to contact them. Don't even consider it. To say the least, cyber crooks aren't famous for playing by the rules: paying funds the operation and buys you no guarantee of a working decryptor. They are only interested in effortless profit, so don't be gullible. At the end of the day, ransomware is a nasty online fraud that aims at your bank account. To avoid getting scammed, keep your Bitcoins. Also, according to the ransom note, the hackers will "give you icon of Stalin that will protect you in the future" from similar infections. This statement cements our opinion of Comrade Circle: you're stuck with one very creative piece of malware. To delete it manually, follow our detailed removal guide below.

Comrade Circle Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover Comrade Circle Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open Task Manager by pressing CTRL+SHIFT+ESC simultaneously.
  • Locate the ransomware's process. The sample analysed here ran as 1.exe from the %TEMP% folder, but other builds may use a randomly generated name, so judge by the file's location rather than its name.
  • Before you kill the process, note its name, full path and, if you can, its SHA-256 hash in a text document for later reference.


  • Locate any suspicious processes associated with the Comrade Circle encryption virus.
  • Right-click the process and choose Open File Location, so you know which file to delete.
  • End the process.
  • Delete the suspicious files and the directories they were dropped in.
  • Keep in mind that the process can hide behind a harmless-looking name and be difficult to spot; a process whose image runs from %TEMP% or %APPDATA% is the usual giveaway.

STEP 2: Reveal Hidden Files

  • Open any folder in Windows Explorer.
  • Click the "Organize" button (on Windows 8 and 10, open the "View" tab and click "Options" instead).
  • Choose "Folder and Search Options".
  • Select the "View" tab.
  • Select the "Show hidden files and folders" option.
  • Uncheck "Hide protected operating system files".
  • Click "Apply" and then "OK".

STEP 3: Locate Comrade Circle encryption Virus startup location

  • Once the operating system loads, press the Windows logo key and R simultaneously, type regedit in the Run dialog and press Enter.


Check the following keys (the Wow6432Node key exists only on 64-bit Windows, so on an x86 system you will only find the first two):

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

  • Delete any value whose data points to an executable under %TEMP% or %APPDATA%. The value name is [RANDOM], so look at the path it launches, not the name.


  • Then open Windows Explorer and check the drop locations:

Navigate to your %TEMP% folder and delete 1.exe (the dropper described above), then check %appdata% and %localappdata% for any other recently created executable and delete it as well.

You can alternatively use the msconfig program (Startup tab) to double-check the virus's execution point. Keep in mind that the names on your machine might differ, as they may be generated randomly; that's why you should also run a reputable scanner to identify the malicious files.
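Steps 1 to 3 can be checked in one pass from an elevated PowerShell prompt. The script below is an added example and is not part of the original guide; it only reports (processes running from user-writable profile folders, Run-key values that launch from those folders, and how many .comrade files and RESTORE-FILES*.txt notes exist per drive) and leaves the actual kill commented out until you have recorded the path and hash. The three Run keys and the %TEMP%\1.exe location come from the text above; everything else (the folder list, the output layout) is an assumption of this example.

```powershell
# Added triage example (not from the original guide). Run elevated.
# Read-only except for the optional kill at the end.
$ErrorActionPreference = 'SilentlyContinue'

# Folders where legitimate software rarely runs from. Assumed list; the page only
# names %TEMP%. %LOCALAPPDATA% also covers the long form of %TEMP% when the
# TEMP variable holds an 8.3 short path (C:\Users\ALICE~1\...).
$suspectDirs = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA) |
    ForEach-Object { $_.TrimEnd('\').ToLower() }

# 1. Processes whose image lives under one of those folders (STEP 1).
Write-Host "== Processes running from TEMP/APPDATA =="
Get-CimInstance Win32_Process | Where-Object {
    $p = $_.ExecutablePath
    $p -and ($suspectDirs | Where-Object { $p.ToLower().StartsWith($_) })
} | ForEach-Object {
    # Record the hash before killing anything, so the sample can be identified later.
    $hash = (Get-FileHash -Path $_.ExecutablePath -Algorithm SHA256).Hash
    [PSCustomObject]@{
        PID = $_.ProcessId; Path = $_.ExecutablePath; SHA256 = $hash; CommandLine = $_.CommandLine
    }
} | Format-List

# 2. Run-key values that launch something from those folders (STEP 3).
Write-Host "== Run-key entries pointing into TEMP/APPDATA =="
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'   # 64-bit only
)
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key
    if (-not $props) { continue }                       # key absent on this OS
    foreach ($prop in $props.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }        # provider metadata, not a value
        $value    = [string]$prop.Value
        $expanded = [Environment]::ExpandEnvironmentVariables($value).ToLower()
        if ($suspectDirs | Where-Object { $expanded.Contains($_) }) {
            [PSCustomObject]@{ Key = $key; Name = $prop.Name; Value = $value }
        }
    }
}

# 3. Extent of the damage: encrypted files and ransom notes per drive.
Write-Host "== Encrypted files and ransom notes =="
Get-PSDrive -PSProvider FileSystem | ForEach-Object {
    $root  = $_.Root
    $enc   = @(Get-ChildItem -Path $root -Recurse -Force -File -Filter '*.comrade')
    $notes = @(Get-ChildItem -Path $root -Recurse -Force -File -Filter 'RESTORE-FILES*.txt')
    $first = ($enc | Sort-Object LastWriteTime | Select-Object -First 1).LastWriteTime
    [PSCustomObject]@{ Drive = $root; Encrypted = $enc.Count; RansomNotes = $notes.Count; FirstEncrypted = $first }
} | Format-Table -AutoSize

# 4. Only after the path and hash above are saved: stop the process.
#    Left commented so the script is safe to run purely for triage.
# Get-CimInstance Win32_Process |
#     Where-Object { $_.ExecutablePath -like "$env:TEMP\*" } |
#     ForEach-Object { Stop-Process -Id $_.ProcessId -Force }
```

The FirstEncrypted timestamp is worth keeping: it tells you which shadow copy or backup predates the attack when you get to STEP 4.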

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, if you have one. Disconnect the backup medium once the restore is finished, since a still-connected drive is encrypted along with everything else during a reinfection.


  • Method 2: File Recovery Software. Some ransomware families write the encrypted data to a new file and then delete the original rather than overwriting it in place, so the original's clusters may survive on disk until they are reused. If that is the case here, file recovery (undelete) software can bring back some files; run it from a clean system against the affected disk and write the recovered data to a different drive.
  • Method 3: Shadow Volume Copies. As a last resort, try Volume Shadow Copies, provided the ransomware did not delete them (many families do, so check first with vssadmin list shadows). Open the free ShadowExplorer tool, pick the drive and the snapshot dated before the attack, right-click any file or folder you want back and click Export.
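The shadow-copy route can be done without ShadowExplorer. The following is an added example, not part of the original guide: it lists the snapshots for a volume, exposes the newest one as a directory link, counts how much of the chosen folder was already encrypted inside that snapshot (so you know whether to fall back to an older one), and copies the pre-encryption files out while skipping .comrade files and ransom notes. The volume, the source folder and the destination are assumed values for illustration.

```powershell
# Added example (not from the original guide). Requires an elevated session.
# Assumed for illustration: encrypted data lived under C:\Users\alice\Documents
# and D: is a clean drive; adjust $SourceRel and $Restore.
$Volume    = 'C:\'
$SourceRel = 'Users\alice\Documents'     # relative to the volume root (assumed)
$Restore   = 'D:\recovered\Documents'    # never restore onto the infected volume

# 1. Snapshots for the volume (what "vssadmin list shadows" would print).
$vol     = Get-CimInstance Win32_Volume | Where-Object { $_.DriveLetter -eq $Volume.TrimEnd('\') }
$shadows = @(Get-CimInstance Win32_ShadowCopy | Where-Object { $_.VolumeName -eq $vol.DeviceID } |
             Sort-Object InstallDate -Descending)
if ($shadows.Count -eq 0) {
    Write-Warning "No shadow copies exist for $Volume (deleted by the malware or by VSS quota). Use a backup or file-recovery software instead."
    return
}
$shadows | Select-Object ID, InstallDate, DeviceObject | Format-Table -AutoSize

# 2. Expose the newest snapshot as a directory. DeviceObject is
#    \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyN and needs a trailing backslash.
$newest = $shadows[0]
$mount  = Join-Path $env:SystemDrive 'shadow_mount'
cmd.exe /c "mklink /d `"$mount`" `"$($newest.DeviceObject)\`"" | Out-Null

try {
    $src = Join-Path $mount $SourceRel
    if (-not (Test-Path $src)) { throw "$SourceRel is not present in snapshot $($newest.ID)" }

    # 3. Was this snapshot taken after encryption had already started? If so,
    #    the files it holds for that part of the tree are useless: try an older
    #    snapshot (the next entry in $shadows) or accept a partial restore.
    $alreadyEncrypted = @(Get-ChildItem $src -Recurse -Force -File -Filter '*.comrade').Count
    $readable         = @(Get-ChildItem $src -Recurse -Force -File |
                          Where-Object { $_.Extension -ne '.comrade' -and $_.Name -notlike 'RESTORE-FILES*.txt' }).Count
    "Snapshot $($newest.InstallDate): $readable readable files, $alreadyEncrypted already encrypted."
    if ($alreadyEncrypted -gt 0 -and $shadows.Count -gt 1) {
        Write-Warning "Snapshot post-dates part of the attack; an older one is available: $($shadows[1].InstallDate)"
    }

    # 4. Copy the clean versions out, excluding encrypted files and ransom notes.
    New-Item -ItemType Directory -Path $Restore -Force | Out-Null
    robocopy $src $Restore /E /COPY:DAT /R:1 /W:1 /XF *.comrade RESTORE-FILES*.txt /NFL /NDL | Out-Null
    "Restored $(@(Get-ChildItem $Restore -Recurse -File).Count) files to $Restore"
}
finally {
    # 5. Remove only the link; the snapshot itself is untouched.
    cmd.exe /c "rmdir `"$mount`"" | Out-Null
}
```

Do this after the ransomware process is dead (STEP 1); restoring while the dropper is still running only hands it a fresh set of files to encrypt.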
