Get the 411 on Spyware
Comrade Ransomware Removal Guide
Comrade Ransomware, also known as Comrade HT Ransomware, is a dangerous malicious threat that can sneak onto your system and encrypt your personal files in no time. The main reason behind this vicious attack is obviously money, i.e., to extort money from you for the decryption key. You are not given too much time to make up your mind by these cyber criminals. Nevertheless, we do not advise you to pay hundreds of dollars because that could easily be money down the drain. We must warn you that it is always risky to pay the ransom fee since you have no guarantee that you will really get the decryption key or your attackers may just disappear into thin air. We have also found that this malware infection is based on the good old Hidden Tear Ransomware, an open-source project used as a base by lots of hackers and wannabes to create threats like The Magic Ransomware, ViiperWaRe Ransomware, and Foxy Ransomware. We recommend that you delete Comrade Ransomware immediately after you notice you have been hit. There is no other way to restore your system security. Hopefully, you have a backup stored in a safe place that you can use now to recover your files.
This dangerous threat can easily crawl onto your system if you are a bit careless and open a spam e-mail that appears to be regarding an urgent matter. This ransomware is spread as a file attachment, which can pose as an image, a "must-see" video, or a text document with macro. The subject this mail may refer to is usually an unpaid invoice that is overdue, an issue with your credit card details or your bank account, and so on. Obviously, it is an issue that could generally affect anyone really. However, here is a good lesson to learn: Do not open an e-mail that you are not expecting to receive. Such a general mail can easily come from cyber criminals in an attempt to scam you in a way. Well, this spam does more than that because it can actually damage all your important files before you could remove Comrade Ransomware from your system. This is why it is important that you become more cautious with your e-mails and do not fully trust your spam filter because it can also make mistakes.
It is also important for us to mention that you should keep your browsers and drivers (Java and Flash) always up-to-date because you can also drop such a dangerous ransomware by being redirected to websites run by cyber villains using Exploit Kits. We cannot confirm that this particular malware infection is spread that way but it is certainly an option for other threats and you should be prepared not to fall into such traps. You can easily end up on such a malicious page by clicking on a corrupt third-party ad that could be presented to you on a suspicious website or by a malware infection on your computer. If you do not want to end up having to delete Comrade Ransomware or any other malicious threat, you should avoid suspicious page, clicking on third-party ads, and you should update all your software frequently, too.
Once you run the downloaded malicious file, it targets files in these directories:
- %USERPROFILE%\Desktop
- %USERPROFILE%\Documents
- %USERPROFILE%\Pictures
- %USERPROFILE%\Videos
This ransomware can encrypt all your personal files with the following file extensions: ".txt", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".odt", ".jpg", ".png", ".csv", ".sql", ".mdb", ".sln", ".php", ".asp", ".aspx", ".html", ".xml", ".psd", ".mp3", ".mp4", ".mov", ".wav", ".ogg", ".ico", ".tiff", ".jpeg", ".obj", ".c", ".h", ".cs", ".cpp", ".ttf", ".rtf". The encrypted files will have a ".comrade" extension but the file name does not change. Once done, this threat drops its ransom note as a text file called "DECRYPT_FILES.txt" on your desktop. This file contains information about this attack and how you can get your files back.
This is a rather simple ransom note with limited information actually. All you learn is that you have to pay $480 worth of Bitcoins to a given Bitcoin wallet address and then, send an e-mail to "cybervigilante4453@protonmail.com." You are given as little as 24 hours to make the transfer and contact these criminals or else, your decryption key will be deleted. You are also warned that restarting your computer will result in your files being encrypted again, which could make decryption very difficult if not impossible. Still, we believe that the best thing you can do is delete Comrade Ransomware and all the related files and registry entry if you want to use a secure computer. So let us tell you how you can do that.
Unfortunately, we have not found any free tool that could help you recover your files. So if you do not have a backup saved in cloud storage or on a removable drive, you may easily lose all the encrypted files. We have included our guide below if you would like to eliminate this severe threat manually. This attack also teaches us that it is essential to have a backup of our most important files because such damages might occur. However, the best way to protect your PC is to install a reliable anti-malware program like SpyHunter.
How to remove Comrade Ransomware from Windows
- Press Win+R and type regedit. Hit Enter.
- Locate and delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Windows_Defender" value name (value data: "C:\Users\user\Documents\Windows.exe")
- Exit the editor.
- Press Win+E.
- Search all your download directories for recently downloaded suspicious files and delete them.
- Delete "%USERPROFILE%\Documents\Windows.exe"
- Empty your Recycle Bin.
- Restart your PC.
