Comrade Circle Ransomware

Comrade Circle Ransomware is a malicious application developed by people belonging to the group called Comrade Circle. It enters computers to encrypt personal files so that it could obtain money from users. Following the successful infiltration, Comrade Circle Ransomware creates the executable file 1.exe in %TEMP%. This file opens the fake Windows update screen (Configuring critical Windows Updates) which locks Desktop. The ransomware infection opens this window and then starts encrypting personal files, including pictures, documents, videos, and music files. Even though the fake window can be easily closed by tapping Ctrl + Alt + Del simultaneously, it will not be that easy to decrypt files Comrade Circle Ransomware has encrypted because you need to have a special key to do that. Do not buy the decryptor even though you have important files and want to get them back because the owners of Comrade Circle Ransomware might not send you the decryption key even though, theoretically, they should have all those keys hidden on a secret server. What you should do instead of making a payment to them is to delete the ransomware infection from the system. Unfortunately, it might mean that you will never be allowed to access your files again. It is especially true if your files are not backed up and stored on external storage.

You already know that Comrade Circle Ransomware opens a fake Windows update screen when encrypting files; however, it is not the only proof that it is inside the system. As researchers working at pcthreat.com have found, this ransomware infection also changes the Desktop background and leaves ransom notes (RESTORE-FILEs![string of numbers].txt) in almost all directories containing encrypted files. What is more, you will definitely see that original names and extensions of your files have been changed. File names will be changed using the Base64 encoding, whereas the original extensions will be replaced by the .comrade extension that belongs to the ransomware infection.

The ransom note Comrade Circle Ransomware creates presents three options for users. The first one is to purchase the decryption software, the second one is to send as much money as users can (users will not get the decryptor in this case), and the third one is to join the Comrade Circle team and thus help to spread the infection. You should not pay attention to the message left for you. Make sure you do not transfer money to cyber criminals as well. There are two reasons specialists say so: 1) the decryption key costs ~2 Bitcoins, which is $1260 at the time of writing; 2) even though you pay this huge ransom it demands, you might not get the key for unlocking your files. Unfortunately, it is impossible to decrypt files without the key cyber criminals have; however, you should not hurry to delete those files it has encrypted because it might be possible to decrypt them one day with the free decryptor specialists might develop.

As research recently carried out by our specialists has revealed, Comrade Circle Ransomware might be distributed in several different ways. First of all, people who join the Comrade Circle team might help to spread it. Secondly, it might travel in spam emails pretending to be a legitimate invoice, tax return form, or another harmless document. Third, it is known that it might be dropped by the Trojan. It is not a piece of cake to protect systems from such dangerous computer infections as Comrade Circle Ransomware. Therefore, in the opinion of our security specialists, every user needs to have a reputable security tool installed on the computer. Of course, people should be careful themselves too, for example, it is highly recommended to ignore all the spam emails.

Comrade Circle Ransomware slightly differs from other ransomware infections – it does not lock Desktop and it does not block system utilities (e.g. Registry Editor and Task Manager). This means that it should not be very hard to remove this infection. Of course, if you decide to erase it in a manual way, we suggest paying attention to our step-by-step removal guide which you will find below. Have you decided to delete Comrade Circle Ransomware automatically? If so, we want to remind you to use only a reputable malware remover, such as SpyHunter. It is because those unreliable tools might install additional malware and do not do anything useful. In most cases, they cannot even delete the tiniest malicious component.

Delete Comrade Circle Ransomware

1. Open the Windows Explorer (Win+E).
2. Type %TEMP% in the URL box tap Enter.
3. Remove 1.exe file belonging to the ransomware infection.
4. Go to %USERPROFILE%\Downloads.
5. Delete the malicious file you have launched.
6. Remove ransom notes (RESTORE-FILES![string of numbers].txt).