
Comrade HT Ransomware

By GoldSparrow in Ransomware

The Comrade HT Ransomware is one of the many ransomware Trojans built on HiddenTear, an open-source ransomware platform released in August 2015 (hence the 'HT' in the Comrade HT Ransomware's name). Since its initial release, HiddenTear has been responsible for countless ransomware variants because it is free and easy for cyber crooks to acquire, yet capable of carrying out an effective encryption ransomware attack. These infections all work by taking the victim's files hostage: a strong encryption ransomware Trojan makes the files inaccessible and then demands that the victim pay a large ransom to restore access to them.

Stay Away from this Comrade

The Comrade HT Ransomware marks the files it encrypts with the file extension '.comrade,' which is appended to each affected file's name once encryption is complete. The Comrade HT Ransomware targets a wide variety of file types while avoiding the Windows system folder and the files essential for Windows to function (if Windows stopped working after a Comrade HT Ransomware attack, the Comrade HT Ransomware would not be able to demand a ransom from the victim). The Comrade HT Ransomware and other, similar attacks encipher numerous file types, including:

.aif, .apk, .arj, .asp, .bat, .bin, .cab, .cda, .cer, .cfg, .cfm, .cpl, .css, .csv, .cur, .dat, .deb, .dmg, .dmp, .doc, .docx, .drv, .gif, .htm, .html, .icns, .iso, .jar, .jpeg, .jpg, .jsp, .log, .mid, .mp3, .mp4, .mpa, .odp, .ods, .odt, .ogg, .part, .pdf, .php, .pkg, .png, .ppt, .pptx, .psd, .rar, .rpm, .rss, .rtf, .sql, .svg, .tar.gz, .tex, .tif, .tiff, .toast, .txt, .vcd, .wav, .wks, .wma, .wpd, .wpl, .wps, .wsf, .xlr, .xls, .xlsx, .zip.

The Comrade HT Ransomware will display a ransom note demanding the payment of a ransom from the victim after encrypting the files.

The Comrade HT Ransomware and Its Ransom Demands

The Comrade HT Ransomware uses a strong encryption algorithm to make the victim's files inaccessible and demands a ransom of approximately 480 USD in Bitcoins. However, computer users should be aware that paying this ransom is not a good decision. One clear reason not to pay is that the Bitcoin wallet address associated with the Comrade HT Ransomware is not valid. This indicates that the people responsible for the Comrade HT Ransomware have no intention of helping their victims recover their files.

The Comrade HT Ransomware's ransom note is contained in a text file named 'DECRYPT_FILES.txt,' which the Comrade HT Ransomware drops on the infected computer's desktop. The full text of the Comrade HT Ransomware's ransom note reads:

'All your files has been encrypted!
How do I get my files back?
Send $480 worth of Bitcoin to: 1NwlqXBqV2CBUZ53aLyzD71XkzDYc6bXe5
and send a email to
If you don't pay us within 24 hours, we will be forced to delete your decryption key.
If you turn off your pc, your files will automatically be encrypted again,
When you next boot.
Making it harder for you to decrypt your files.
Signed, Comrade.'
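
The invalid-address observation can be checked offline. The following Python is an added example, not part of the original article; it validates a legacy Base58Check Bitcoin address, and the names `check_legacy_address` and `NOTE_ADDRESS` are assumptions of this example.

```python
import hashlib

# Base58 alphabet used by Bitcoin: it omits 0, O, I and l to avoid look-alikes.
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Address string exactly as it appears in the ransom note quoted above.
NOTE_ADDRESS = "1NwlqXBqV2CBUZ53aLyzD71XkzDYc6bXe5"


def check_legacy_address(addr):
    """Return (is_valid, reason) for a legacy Base58Check Bitcoin address."""
    bad = sorted({c for c in addr if c not in B58_ALPHABET})
    if bad:
        return False, "characters outside Base58 alphabet: " + "".join(bad)

    # Decode the Base58 digits into an integer, then into big-endian bytes.
    num = 0
    for c in addr:
        num = num * 58 + B58_ALPHABET.index(c)
    body = num.to_bytes((num.bit_length() + 7) // 8, "big")

    # Each leading '1' in the string encodes one leading zero byte.
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + body

    # Layout: 1 version byte + 20-byte hash + 4-byte checksum.
    if len(raw) != 25:
        return False, "decoded length %d, expected 25" % len(raw)

    payload, checksum = raw[:-4], raw[-4:]
    expected = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    if checksum != expected:
        return False, "checksum mismatch"

    # 0x00 = mainnet P2PKH, 0x05 = mainnet P2SH.
    if payload[0] not in (0x00, 0x05):
        return False, "unknown version byte 0x%02x" % payload[0]
    return True, "ok"


if __name__ == "__main__":
    print(NOTE_ADDRESS, check_legacy_address(NOTE_ADDRESS))
```
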

Dealing with the Comrade HT Ransomware Infection

The Comrade HT Ransomware appears in the Windows Task Manager under the name 'Windows Desktop.exe,' which may be meant to confuse computer users into believing that the Comrade HT Ransomware's file is legitimate. Affected computer users should remove the Comrade HT Ransomware infection itself with the help of a security program that is fully up-to-date. However, it is currently not possible to restore files encrypted by the Comrade HT Ransomware without the decryption key. Because of this, the best measure computer users can take is to set up a reliable backup system that keeps copies of their files on a protected device. With backup copies, computer users can restore their files after an infection.

