I wrote this article to help you remove Comrade Circle Ransomware. This Comrade Circle Ransomware removal guide works for all Windows versions.
Researchers have recently discovered one quite special piece of malware – the Comrade Circle Ransomware. Since it is newly found, a lot is still unclear about this particular threat. For example, it is unknown what kind of encryption algorithm it uses: is it RSA or AES? What is known, on the other hand, is that this is one very strange piece of ransomware which differs completely from others of its kind.
Its executable is called “1.exe” and it is in the %TEMP% folder. When installed, Comrade Circle uses a tactic which reminds us of the notorious Phantom Ransomware. In an attempt to mislead users into thinking that everything is normal, the ransomware creates a fake Windows Update screen. While the victims think that updates are simply being installed, what is actually happening is that their files are being encrypted by Comrade. Luckily, there is an easy way for you to tell the real update screen apart from the phony one. You see, this pest’s fake message reads: “Configuring critical Windows Updates” but Windows has never used the word “critical” to describe its updates.
So, this is your hint and what you need to be looking for. In a real Windows Update screen, the word “critical” would not be included. However, while you are looking at the blue screen, Comrade Circle encrypts all your personal files – pictures, videos, MS Office docs, and music. The ransomware uses a strong cipher for the encryption, changes the names of the targeted files and appends the “.comrade” extension to them. Once they are locked, you will no longer have access to these files. But this is not all! The most bizarre trick of Comrade involves its ransom note.
Aside from stating the standard things, such as that your files have been encrypted and you need to pay a certain ransom sum, it also reads the following: “If you do not need your files or already restore them, please send us as much money as you can. Comrade Circle good people that help poor people getting jobs and great things, thanks”. The note also says that the crooks will “give you an icon of Stalin that will protect you in the future” from similar infections. This must be, without a doubt, the oddest ransom note we have ever encountered, but this doesn’t change the fact that it is still a blackmail message. As mentioned above, this ransomware is weird.
Furthermore, the ransomware adds RESTORE-FILES[random symbols].txt files to all folders in which encrypted data is stored. Victims are asked for a ransom of 2 Bitcoins ($1,230) if they want to recover their files. The crooks have even given you an opportunity to get in touch with them via an email address, “recoverfiles@mail2tor.com”. This is a very bad idea, keeping in mind how many victims have decided to pay and didn’t receive any decryption tool from the hackers. This is what they do. They don’t care about your files or that you have lost the pictures of your 1-year-old daughter’s christening. What they care about is your money. Don’t be naïve and don’t give them what they want. If hackers keep getting what they want, this will never come to an end.
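The three indicators described above (“1.exe” in %TEMP%, the “.comrade” extension and the RESTORE-FILES*.txt notes) can be swept for with a short read-only PowerShell script. This is an added example, not a tool from the malware researchers; the function name Find-ComradeIndicator and the default search root (the user profile) are assumptions.

```powershell
# Added example: read-only sweep for the indicators named in this article.
# Find-ComradeIndicator is a hypothetical helper name; the default root is an assumption.
function Find-ComradeIndicator {
    param(
        [string[]]$Root    = @($env:USERPROFILE),
        [string]  $TempDir = $env:TEMP
    )

    # Dropper location given in the article: "1.exe" in %TEMP%.
    # A file with this name is a lead to investigate, not proof of infection.
    $dropper = Join-Path $TempDir '1.exe'
    if (Test-Path -LiteralPath $dropper -PathType Leaf) {
        $item = Get-Item -LiteralPath $dropper -Force
        [pscustomobject]@{
            Indicator = 'Dropper'
            Path      = $item.FullName
            Modified  = $item.LastWriteTime
            # The hash lets you look the sample up or hand it to your AV vendor.
            SHA256    = (Get-FileHash -LiteralPath $dropper -Algorithm SHA256).Hash
        }
    }

    # Encrypted files (".comrade") and ransom notes ("RESTORE-FILES*.txt").
    Get-ChildItem -Path $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -eq '.comrade' -or $_.Name -like 'RESTORE-FILES*.txt' } |
        ForEach-Object {
            [pscustomobject]@{
                Indicator = if ($_.Extension -eq '.comrade') { 'EncryptedFile' } else { 'RansomNote' }
                Path      = $_.FullName
                Modified  = $_.LastWriteTime
                SHA256    = $null
            }
        }
}

$hits = @(Find-ComradeIndicator)
# Number of hits per indicator type.
$hits | Group-Object Indicator | Select-Object Name, Count
# The earliest timestamp is a rough estimate of when encryption began (heuristic).
$hits | Sort-Object Modified | Select-Object -First 1 Indicator, Path, Modified
```

The earliest timestamp is useful later in this guide, when you have to pick a shadow copy or restore point that predates the infection.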
One of the most important questions is how an infection like this lands on your machine. It can be via spam email, suspicious software, phony program updates, or torrents. There can be many distribution channels, which is why you should always be careful. Whether checking your mailbox or visiting pages, always pay attention. Ransomware can be hidden in places you would never expect – like job offers. Exploit kits and Trojans can also deliver Comrade Circle. Being more cautious can only help you protect yourself in time. If, however, you have already been infected with Comrade, the removal guide below will help you get rid of it once and for all. And for better protection in the future, you can install a reliable antimalware tool.
Comrade Circle Ransomware Removal
Method 1: Restore your encrypted files using ShadowExplorer
Usually, Comrade Circle Ransomware deletes all shadow copies stored on your computer. Luckily, the ransomware is not always able to delete the shadow copies, so your first attempt should be to restore the original files from shadow copies.
- Download ShadowExplorer from this link: http://www.shadowexplorer.com/downloads.html.
- Install ShadowExplorer
- Open ShadowExplorer and select C: drive on the left panel
- Choose a date at least a month ago from the date field
- Navigate to the folder with encrypted files
- Right-click on the encrypted file
- Select “Export” and choose a destination for the original file
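Method 1 only works if at least one shadow copy survived and was taken before the files were encrypted. The following PowerShell function lists the surviving shadow copies per drive, oldest first. It is an added example, not part of ShadowExplorer; the name Get-ShadowCopySummary and the sample infection date are assumptions, and it must be run from an elevated prompt.

```powershell
# Added example: list surviving Volume Shadow Copies, oldest first.
# Get-ShadowCopySummary is a hypothetical helper name. Run as Administrator.
function Get-ShadowCopySummary {
    param(
        # Assumption: your own estimate of when the infection happened.
        [datetime]$InfectedOn = (Get-Date)
    )

    # Win32_ShadowCopy.VolumeName holds a volume GUID path; map it to a drive letter.
    $volumes = Get-CimInstance -ClassName Win32_Volume

    Get-CimInstance -ClassName Win32_ShadowCopy |
        Sort-Object InstallDate |
        ForEach-Object {
            $shadow = $_
            $volume = $volumes |
                Where-Object { $_.DeviceID -eq $shadow.VolumeName } |
                Select-Object -First 1
            [pscustomobject]@{
                Drive             = $volume.DriveLetter
                Created           = $shadow.InstallDate
                # Only copies taken before the infection hold unencrypted files.
                PredatesInfection = $shadow.InstallDate -lt $InfectedOn
                ShadowId          = $shadow.ID
            }
        }
}

# Constructed sample date; replace it with your own estimate.
$copies = @(Get-ShadowCopySummary -InfectedOn '2017-01-15')
if (-not $copies) {
    'No shadow copies survive on this machine; Method 1 cannot recover anything.'
}
$copies | Format-Table -AutoSize
```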
Method 2: Restore your encrypted files by using System Restore
- Go to Start –> All programs –> Accessories –> System tools –> System restore
- Click “Next”
- Choose a restore point from at least a month ago
- Click “Next”
- Choose Disk C: (should be selected by default)
- Click “Next”. Wait for a few minutes and the restore should be done.
Method 3: Restore your files using File Recovery Software
If none of the above methods works, you should try to recover the encrypted files by using File Recovery Software. Since Comrade Circle Ransomware first makes a copy of the original file, then encrypts it and deletes the original one, you can successfully restore the original using File Recovery Software. Here are a few free File Recovery Software programs: