Comrade Circle Ransomware

Comrade Circle Ransomware Description

The Comrade Circle Ransomware is an encryption Trojan that uses a fake 'Windows Update' screen to hide its activity. The Comrade Circle Ransomware behaves similarly to the Fantom Ransomware and is spread the same way - spam emails loaded with a Trojan dropper in the form of a macro-enabled Microsoft Word file. Computer users may be urged to enable macro for the corrupted document by being shown a scrambled text and a banner that says 'Please, enable macro to read the text below.' The Comrade Circle Ransomware relies on the user's interaction to launch, and users should avoid spam email from unknown senders.

The 'Configuring Critical Windows Updates' Screen Leads to the Comrade Circle Ransomware

As stated above, the Comrade Circle Ransomware uses a fake 'Windows Update' screen to hide the encryption procedure. When the Comrade Circle Ransomware is initiated the user is shown a 'Configuring critical Windows Updates' message on the screen. The 'Configuring critical Windows Updates' notification by the Comrade Circle Ransomware disappears when the encryption process is complete. The Comrade Circle Ransomware is known to lock data in the default user's library, local drives and network shares that are not password protected. Researchers note that the Comrade Circle Ransomware can encode standard data containers used to store text, images, video, presentations, audio and databases. The Comrade Circle Ransomware may lock files in the following formats:


What does Stalin and the Comrade Circle Ransomware Have in Common

The Comrade Circle Ransomware is named after the picture it uses as a custom wallpaper. The image is a representation of a long gone political leader under—Joseph Vissarionovich Stalin depicted as a saint from the Eastern Orthodox Church. Analysts suspect that the picture of Stalin may be used to put the Comrade Circle Ransomware in the same category as other Ransomware aimed at Russian-speaking users like the RAA Ransomware and the Kozy.Jozy Ransomware. Computer users that suffered an attack by the Comrade Circle Ransomware will find the '.comrade' suffix appended to modified files. For example, 'up_the_ladder.png' will be converted to 'up_the_ladder.png.comrade' and its content will be unavailable. The ransom note is delivered via 'RESTORE-FILES![random characters].txt' placed on the desktop. The message within 'RESTORE-FILES![random characters].txt' reads as follow:

You personal ID [string of random characters]
Option 1 = purchase decrytpion software. (if you need files your files back and have money)
1. Send donation of 2.04970001 btc to wallet [a string of random characters]
2. Send an email to with you personal id, and you will recieve the decryption software
3. Decrypt you files.
If you dont get answer in 4 hours, or email is blocked by evil anti virus companies:
Register here:, Once you have done that, Write to adress BM-2cTivRoWe5eXdZAt8PqxTJ6tqaQwoaNt6tcontact with you email and personal ID'

The Comrade Circle Ransomware Offers Choices if You Want a Decryptor for Free

Option 2 and 3 suggest the victim send as much money as possible to the con artists and include an invitation to join them. The makers of the Comrade Circle Ransomware claim to deliver 50% of their profit to people under the poverty bar. We suspect that their intentions are less than altruistic. Researchers note that the makers of the Comrade Circle Ransomware may be trying to create a network of affiliates. The crooks behind the Comrade Circle Ransomware offer a percentage of their profits to potential partners and help in the development of new variants and distribution methods. It is not a good idea to deliver payment and participate in the distribution of cyber threats.

Malware researchers might be able to crack the Comrade Circle Ransomware; therefore, you should backup the encrypted data and keep an eye on the Internet for a free decryptor. Meanwhile, you can use offline backups, copies on the cloud (for example Google Drive and Dropbox) and archives on removable HDD and SDD to recover your data structure. Keep in mind that you will need to clean your machine with a reputable anti-malware suite that can eliminate the Comrade Circle Ransomware.

Do You Suspect Your PC May Be Infected with Comrade Circle Ransomware & Other Threats? Scan Your PC with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like Comrade Circle Ransomware as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Note: SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. Free Remover allows you to run a one-off scan and receive, subject to a 48-hour waiting period, one remediation and removal. Free Remover subject to promotional details and Special Promotion Terms. To understand our policies, please also review our EULA, Privacy Policy and Threat Assessment Criteria. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

File System Details

Comrade Circle Ransomware creates the following file(s):
# File Name Size MD5
1 file.exe 386,560 09963f553929ef4cced4c44e8ec4e9c2

Site Disclaimer is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their PC with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your PC. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.