Comrade Circle Ransomware Description
The Comrade Circle Ransomware is an encryption Trojan that uses a fake 'Windows Update' screen to hide its activity. The Comrade Circle Ransomware behaves similarly to the Fantom Ransomware and is spread the same way: spam emails carrying a Trojan dropper in the form of a macro-enabled Microsoft Word file. Computer users may be urged to enable macros for the corrupted document by being shown scrambled text and a banner that says 'Please, enable macro to read the text below.' The Comrade Circle Ransomware relies on the user's interaction to launch, and users should avoid spam email from unknown senders.
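Because the dropper arrives as a macro-enabled Word attachment, a mail gateway or triage script can flag such files by content rather than by file name. The following is an added example written for this article, not code from the original page or from any vendor mentioned here: it looks inside an OOXML (ZIP-based) Word file for the standard word/vbaProject.bin part or a macroEnabled content type, and for legacy OLE binaries applies a crude heuristic (a UTF-16LE "Macros" storage name in the raw bytes). The function names and the constructed sample documents are assumptions of this example.

```python
import io
import zipfile

# Added defender-side check, not code from the page. The part name and content
# type strings are standard OOXML conventions; the OLE heuristic is a crude
# triage signal and can false-positive, so treat "suspected" as "review by hand".
VBA_PART = "word/vbaProject.bin"
MACRO_CONTENT_TYPE = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_CONTENT_TYPE = ("application/vnd.openxmlformats-officedocument."
                      "wordprocessingml.document.main+xml")
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# OLE directory entry names are stored as UTF-16LE; legacy Word binaries keep
# VBA projects under a storage named "Macros".
OLE_MACROS_NAME = "Macros".encode("utf-16-le")


def classify_word_attachment(data: bytes) -> str:
    """Classify an attachment by inspecting its bytes, ignoring its file name.

    Returns one of:
      "ooxml-macro"          - ZIP-based Word file that carries a VBA project
      "ooxml-clean"          - ZIP-based Word file with no VBA project found
      "ole-macro-suspected"  - legacy OLE compound file naming a Macros storage
      "ole"                  - legacy OLE compound file, no Macros storage seen
      "unknown"              - neither container format
    """
    if data.startswith(OLE_MAGIC):
        return "ole-macro-suspected" if OLE_MACROS_NAME in data else "ole"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
            if VBA_PART in names:
                return "ooxml-macro"
            if "[Content_Types].xml" in names:
                ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                if "macroEnabled" in ctypes:
                    return "ooxml-macro"
            return "ooxml-clean"
    except zipfile.BadZipFile:
        return "unknown"


def build_sample_doc(with_macro: bool) -> bytes:
    """Construct a minimal OOXML-like ZIP (constructed sample, not a real lure)."""
    main_ct = MACRO_CONTENT_TYPE if with_macro else PLAIN_CONTENT_TYPE
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>'
        "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes standing in for a VBA project; not real macro code.
            zf.writestr(VBA_PART, b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    for label, sample in (("macro", build_sample_doc(True)),
                          ("plain", build_sample_doc(False))):
        print(label, "->", classify_word_attachment(sample))
```

The check deliberately ignores the extension, because a .docm renamed to .doc still opens in Word with its macros intact; anything classified as "ooxml-macro" or "ole-macro-suspected" from an unknown sender is a candidate for quarantine rather than delivery.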
The 'Configuring Critical Windows Updates' Screen Leads to the Comrade Circle Ransomware
As stated above, the Comrade Circle Ransomware uses a fake 'Windows Update' screen to hide the encryption procedure. When the Comrade Circle Ransomware is initiated, the user is shown a 'Configuring critical Windows Updates' message on the screen. The 'Configuring critical Windows Updates' notification by the Comrade Circle Ransomware disappears when the encryption process is complete. The Comrade Circle Ransomware is known to lock data in the user's default libraries, on local drives and on network shares that are not password protected. Researchers note that the Comrade Circle Ransomware can encode standard data containers used to store text, images, video, presentations, audio and databases. The Comrade Circle Ransomware may lock files in the following formats:
.3GP, .7Z, .APK, .AVI, .BMP, .CDR, .CER, .CHM, .CONF, .CSS, .CSV, .DAT, .DB, .DBF, .DJVU, .DBX, .DOCM, .DOC, .EPUB, .DOCX, .FB2, .FLV, .GIF, .GZ, .ISO, .IBOOKS, .JPEG, .JPG, .KEY, .MDB, .MD2, .MDF, .MHT, .MOBI, .MHTM, .MKV, .MOV, .MP3, .MP4, .MPG, .MPEG, .PICT, .PDF, .PPS, .PKG, .PNG, .PPT, .PPTX, .PPSX, .PSD, .RAR, .RTF, .SCR, .SWF, .SAV, .TIFF, .TIF, .TBL, .TORRENT, .TXT, .VSD, .WMV, .XLS, .XLSX, .XPS, .XML, .CKP, .ZIP, .JAVA, .PY, .ASM, .C, .CPP, .CS, .JS, .PHP, .DACPAC, .RBW, .RB, .MRG, .DCX, .DB3, .SQL, .SQLITE3, .SQLITE, .SQLITEDB, .PSD, .PSP, .PDB, .DXF, .DWG, .DRW, .CASB, .CCP, .CAL, .CMX, .CR2.
What Do Stalin and the Comrade Circle Ransomware Have in Common
The Comrade Circle Ransomware is named after the picture it uses as a custom wallpaper. The image depicts a long-gone political leader, Joseph Vissarionovich Stalin, styled as a saint of the Eastern Orthodox Church. Analysts suspect that the picture of Stalin may be used to put the Comrade Circle Ransomware in the same category as other ransomware aimed at Russian-speaking users, like the RAA Ransomware and the Kozy.Jozy Ransomware. Computer users who suffered an attack by the Comrade Circle Ransomware will find the '.comrade' suffix appended to modified files. For example, 'up_the_ladder.png' will be converted to 'up_the_ladder.png.comrade' and its content will be unavailable. The ransom note is delivered via 'RESTORE-FILES![random characters].txt' placed on the desktop. The message within 'RESTORE-FILES![random characters].txt' reads as follows:
'YOU FILES ARE ENCRYPTED by Comrade Circle!
You personal ID [string of random characters]
YOU HAVE 3 OPTIONS!
Option 1 = purchase decrytpion software. (if you need files your files back and have money)
1. Send donation of 2.04970001 btc to wallet [a string of random characters]
2. Send an email to firstname.lastname@example.org with you personal id, and you will recieve the decryption software
3. Decrypt you files.
If you dont get answer in 4 hours, or email is blocked by evil anti virus companies:
Register here: http://bitmsg.me, Once you have done that, Write to adress BM-2cTivRoWe5eXdZAt8PqxTJ6tqaQwoaNt6tcontact with you email and personal ID'
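The two artifacts named above, the appended '.comrade' suffix and the 'RESTORE-FILES![random characters].txt' note, are enough to triage an affected machine and to build the list of original file names to pull from backup. The following is an added example written for this article, not code from the original page: it walks a directory tree, collects ransom notes, strips the suffix to recover each original name and extension, and counts which data types were hit. The function names, the throwaway sample tree and its file names are constructed for this example; only the suffix and the note name pattern come from the article.

```python
import os
import re
import tempfile
from collections import Counter

# Values taken from the page: the appended suffix and the ransom-note file name.
# The function names and the sample directory layout are constructed for this example.
ENCRYPTED_SUFFIX = ".comrade"
NOTE_PATTERN = re.compile(r"^RESTORE-FILES!.*\.txt$", re.IGNORECASE)


def triage_tree(root: str) -> dict:
    """Walk a directory tree and inventory Comrade Circle traces.

    Returns the ransom notes found, a list of (encrypted_path, original_path)
    pairs obtained by stripping the appended suffix, and a count of the
    original extensions, which shows which data types were hit and gives the
    exact names to look for in offline or cloud backups.
    """
    notes, pairs, by_ext = [], [], Counter()
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if NOTE_PATTERN.match(name):
                notes.append(path)
            elif name.lower().endswith(ENCRYPTED_SUFFIX):
                original = path[: -len(ENCRYPTED_SUFFIX)]
                pairs.append((path, original))
                ext = os.path.splitext(original)[1].upper() or "(none)"
                by_ext[ext] += 1
    return {"notes": notes, "encrypted": pairs, "by_extension": dict(by_ext)}


def original_names(report: dict) -> list:
    """Base names of the files to restore from backup, sorted as a checklist."""
    return sorted(os.path.basename(orig) for _, orig in report["encrypted"])


def build_sample_tree() -> str:
    """Create a throwaway directory mimicking an affected profile (constructed data)."""
    root = tempfile.mkdtemp(prefix="comrade_demo_")
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    # Two encrypted files and one untouched file in Documents.
    for name in ("up_the_ladder.png.comrade", "budget.xlsx.comrade", "readme.txt"):
        with open(os.path.join(docs, name), "wb") as fh:
            fh.write(b"\x00")
    # One ransom note on the desktop, as the article describes.
    desktop = os.path.join(root, "Desktop")
    os.makedirs(desktop)
    with open(os.path.join(desktop, "RESTORE-FILES!a1b2c3.txt"), "w") as fh:
        fh.write("YOU FILES ARE ENCRYPTED by Comrade Circle!\n")
    return root


def demo_report() -> dict:
    """Run the triage over a freshly built sample tree."""
    return triage_tree(build_sample_tree())


if __name__ == "__main__":
    report = demo_report()
    print(len(report["notes"]), "ransom note(s);",
          len(report["encrypted"]), "encrypted file(s)")
    print("hit extensions:", report["by_extension"])
    print("restore from backup:", original_names(report))
```

Run it against a mounted image or a copy of the affected profile rather than the live machine; the (encrypted, original) pairs double as the manifest for matching files against an offline backup once the system has been cleaned.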
The Comrade Circle Ransomware Offers Choices if You Want a Decryptor for Free
Options 2 and 3 suggest the victim send as much money as possible to the con artists and include an invitation to join them. The makers of the Comrade Circle Ransomware claim to deliver 50% of their profit to people below the poverty line. We suspect that their intentions are less than altruistic. Researchers note that the makers of the Comrade Circle Ransomware may be trying to create a network of affiliates. The crooks behind the Comrade Circle Ransomware offer a percentage of their profits to potential partners and help with the development of new variants and distribution methods. It is not a good idea to deliver payment or to participate in the distribution of cyber threats.
Malware researchers might be able to crack the Comrade Circle Ransomware; therefore, you should back up the encrypted data and keep an eye on the Internet for a free decryptor. Meanwhile, you can use offline backups, copies in the cloud (for example Google Drive and Dropbox) and archives on removable HDDs and SSDs to recover your data. Keep in mind that you will need to clean your machine with a reputable anti-malware suite that can eliminate the Comrade Circle Ransomware.