Comrade Circle Ransomware

What is Comrade Circle Ransomware?

Comrade Circle Ransomware is a newly discovered ransomware that can infect your computer secretly and encrypt your files. After that, it will demand money, but we advise you to remove it instead because there is no way of knowing whether you will receive the decryption software and key once you have paid. Indeed, the aim of the game is to extract money from you and the cybercriminal behind this ransomware has little interest in giving you your files back. To find out more about this ransomware, read this whole article.

What does Comrade Circle Ransomware do?

Like all ransomware-type malware, Comrade Circle Ransomware is designed to infect your computer secretly, and once it does, it starts doing its dirty work. Our security experts have found that the executable of this ransomware is named simply 1.exe and, according to them, is set to be dropped in the %TEMP% folder. Once on your machine, this executable is launched automatically and opens a fake Windows update window that reads “Configuring critical Windows Updates.” While you see this window, the ransomware is hard at work encrypting your files with a unique encryption algorithm that creates a public encryption key and a private decryption key. The private decryption key is uploaded to this ransomware’s Command and Control server, and you need it to decrypt the files. At present, we do not know which encryption method it uses or whether that method has weaknesses that could be used to help decrypt the files.

The fake Windows update window can be closed by opening Task Manager, selecting the Processes tab and ending the 1.exe process. However, once the encryption is complete, the window closes on its own and the ransomware should delete itself, but not before it drops a ransom note named RESTORE-FILES![random numbers].txt in each folder where a file was encrypted. Take note that the executable might remain on your PC indefinitely and, under certain circumstances, encrypt your files again. So we suggest checking whether it is still present on your PC and getting rid of it using the guide provided below or an anti-malware program such as SpyHunter, because testing has shown that it is more than capable of dealing with this infection.

So, once the encryption is complete, you are left with your encrypted files and dozens of copies of the ransom note. Our security experts say that this ransomware’s developer demands that you pay 2 BTC (1230.07 USD) for the decryption software and decryption key. To get them, you need to contact the ransomware’s creator via the provided email address or BitMessage address. The developer also offers an alternative to paying the ransom: joining the Comrade Circle team and helping the criminals distribute this software, and the ransom note claims that you would even make money from it. However, we do not believe this to be true, and even if it were, you should refrain from joining this criminal organization, because that is what it really is.

Where does Comrade Circle Ransomware come from?

Unfortunately, we do not know where this ransomware comes from, but the information we have gathered suggests that it is distributed globally. The methods used to distribute it are also unknown, but we assume there are many. Our researchers say that it might be distributed via spam emails sent to random email addresses. The emails might either contain a direct download link for this ransomware or carry a zipped attachment that downloads 1.exe once it is opened. The emails are probably disguised as legitimate invoices or business-related correspondence. However, this ransomware might also be distributed via infected websites that host exploit kits, and even in free software bundles.

How do I remove Comrade Circle Ransomware?

If your computer was infected with this ransomware and you want to get your files back, then the only two ways to do so are either paying the ransom or waiting for a free decryption tool to be released. This infection should delete itself after the encryption is finished, but we recommend that you check that it is gone just to be sure. You can either use the guide below or scan your PC with an anti-malware program such as SpyHunter, which will remove this malware easily.

Removal instructions

  1. Hold down Win+E keys.
  2. In the File Explorer’s address line, enter %TEMP% and hit Enter.
  3. Find 1.exe, right-click it and click Delete.
  4. Empty the Recycle Bin.
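The same check, as an added PowerShell triage script that is not part of the original article or any vendor tool: it stops 1.exe if it is still running, records the hash of the dropper in %TEMP% before deleting it, and lists every folder that received a ransom note so you know which files were touched. The file name 1.exe, the %TEMP% location and the RESTORE-FILES!*.txt note name are the indicators the article reports; the script is assumed to run from an elevated PowerShell session.

```powershell
# Added triage example for the indicators described in the article (not vendor code).
# Assumptions taken from the article: dropper at %TEMP%\1.exe, ransom notes named
# RESTORE-FILES!<random numbers>.txt in every folder that holds an encrypted file.

$dropper     = Join-Path $env:TEMP '1.exe'
$notePattern = 'RESTORE-FILES!*.txt'
$report      = Join-Path $env:USERPROFILE 'comrade-circle-affected-folders.txt'

# 1. The article warns the executable may linger and encrypt again, so stop it first.
$running = Get-Process -Name '1' -ErrorAction SilentlyContinue
if ($running) {
    Write-Warning ("1.exe is running (PID {0}); stopping it before cleanup." -f ($running.Id -join ', '))
    $running | Stop-Process -Force
}

# 2. Check %TEMP% for the dropper; keep its SHA-256 in your incident notes before removal.
if (Test-Path -LiteralPath $dropper) {
    $hash = (Get-FileHash -LiteralPath $dropper -Algorithm SHA256).Hash
    Write-Output "Found $dropper  SHA256=$hash"
    Remove-Item -LiteralPath $dropper -Force
    Write-Output "Deleted $dropper"
} else {
    Write-Output "No 1.exe present in $env:TEMP"
}

# 3. Map the damage: each folder containing a ransom note held at least one encrypted file.
$roots    = Get-PSDrive -PSProvider FileSystem | ForEach-Object { $_.Root }
$affected = foreach ($root in $roots) {
    Get-ChildItem -Path $root -Filter $notePattern -File -Recurse -Force -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty DirectoryName
}
$affected = @($affected | Sort-Object -Unique)

Write-Output ("Folders containing a ransom note: {0}" -f $affected.Count)
$affected | ForEach-Object { Write-Output "  $_" }

# Save the list; it is the scope you will need when restoring from backup or
# testing a future free decryptor. The notes themselves are left in place as evidence.
$affected | Set-Content -LiteralPath $report
Write-Output "Affected-folder list written to $report"
```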
