Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Comrade HT Ransomware

When Comrade HT Ransomware manages to infiltrate your computer, you can be almost sure that you may lose most of your personal files to encryption unless you have a backup. In the past years it has become a quite popular to sync files on the hard disk with cloud storage as a safe haven for your files. Others use removable drives to do the same. Both can prove to be the only savior when you are hit by such a dangerous ransomware. Although, you are offered the decryption key for a certain amount of money, why or how would you trust these cyber criminals who has attacked you in the first place? Do you not think that they could simply disappear after you transfer the ransom fee? Do you think these crooks would feel bad about not sending your the key? Well, these are certainly questions you need to face before rushing to by Bitcoins. And, of course, there is the question of supporting cybercrime, too. We know it must be a hard decision to let go of your files instead of paying and risking losing your money as well. Still, we recommend that you remove Comrade HT Ransomware immediately. But let us tell you more about this severe threat.

We have found that this malware infection was actually based on the well-known Hidden Tear Ransomware, which is an open-source tool originally for IT security experts that has got hijacked by hackers numerous times in the past years. The most likely way for you to end up with this ransomware program on board is to open a spam e-mail and view its attachment. This attached file is indeed the malicious executable most of the time; therefore, when you click to see it, you actually initiate this vicious attack. This can happen when this file is posing as an image, a .zip archive, or a video file. Sometimes you can also find that it is a document with macro. In this case, you need to enable macros to allow this file to download the malicious .exe file in the background while you are trying to figure out what this document is really about.

Unfortunately, there is no way for you to delete Comrade HT Ransomware in time, without causing serious damage to your precious files. You definitely should not fully trust your spam filter because these filters are never 100% accurate. You may have noticed that almost every day you can find totally legitimate or even important mails delivered to your spam or junk folder. This spam is designed to catch your attention. And, once it got your attention, you will most likely want to see its content. This is done by using pure psychology and misusing your curiosity factor. So this spam may claim to be about an unsettled invoice that is urgent, some issue with your credit card information, or changes with your bank account; anything that could relate to anyone really. Please remember that it is not possible to remove Comrade HT Ransomware without possibly losing your files. Thus, you need to become more careful in the future to prevent similar devastation from happening.

When you start up the malicious executable, it targets the following directories:

  • %USERPROFILE%\Desktop
  • %USERPROFILE%\Documents
  • %USERPROFILE%\Pictures
  • %USERPROFILE%\Videos

This ransomware encrypts all your files in the above folders that have any of these extensions:".txt", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".odt", ".jpg", ".png", ".csv", ".sql", ".mdb", ".sln", ".php", ".asp", ".aspx", ".html", ".xml", ".psd", ".mp3", ".mp4", ".mov", ".wav", ".ogg", ".ico", ".tiff", ".jpeg", ".obj", ".c", ".h", ".cs", ".cpp", ".ttf", and ".rtf". As you can see, you can lose your documents, pictures, audios, videos, databases, and certain program files as well. If you do not have a backup, this could be a major hit for you. The encrypted files get a ".comrade" extension. Then, the ransom note text file called "DECRYPT_FILES.txt" is dropped on desktop.

This ransom note is the short kind; there is not too much information about the attack or how you can buy Bitcoins, and so on. You are told to transfer 480 US dollars worth of Bitcoins (around 0.067 BTC) to a given Bitcoin address and then, write an e-mail to cybervigilante4453@protonmail.com. If you fail to pay within 24 hours, these crooks threaten you with the deletion of your decryption key. Yet, we do not advise you to pay or contact these cyber criminals because this situation might get worse; you could be infected with yet another malicious program, for instance. We suggest that you delete Comrade HT Ransomware right away.

Since this dangerous ransomware creates a Run registry entry, it can start up automatically every time you reboot your system. Therefore, you need to remove this entry in the first place. Then, you can delete all related files. If you need assistance, please use our instructions below this article. Probably now you feel like you should defend your PC more efficiently. Therefore, we advise you to start using a reputable anti-malware program, such as SpyHunter for peace of mind in your virtual world.

How to remove Comrade HT Ransomware from Windows

  1. Press Win+R and type regedit. Hit the Enter key.
  2. Locate and delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Windows_Defender" value name where the value data is "C:\Users\user\Documents\Windows.exe"
  3. Exit the editor.
  4. Press Win+E.
  5. Delete "%USERPROFILE%\Documents\Windows.exe"
  6. Delete all suspicious files you have saved recently.
  7. Bin the ransom note file from your desktop.
  8. Empty your Recycle Bin.
  9. Restart your PC.
Download Spyware Removal Tool to Remove* Comrade HT Ransomware
  • Quick & tested solution for Comrade HT Ransomware removal.
  • 100% Free Scan for Windows
disclaimer
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.

 
by
Loading...