Polski Ransomware

Polski Ransomware is a Polish-made ransomware-type computer infection that was designed to encrypt your personal files and demand that you purchase a unique decryption key to decrypt them. This ransomware is no different from hundreds of other similar programs. The only unique thing about it is the fact that it is in Polish and probably distributed in Poland only. Regardless, we recommend that you remove this ransomware instead of paying the ransom. To find out why you should not pay, we invite you to read this whole article.

Before we go into how this malware is distributed, we want to discuss its features and functions. Polski Ransomware is a never before seen application that was discovered on 5 February 2017. We found that this particular ransomware was configured to encrypt your files with the AES-256 encryption algorithm. It features a 256-bit long key that ensures a secure encryption and decrypting this key using a third-party decryption tool may be possible, but the problem is that it does not exist. We found that it can encrypt many file formats and targets images, audios, videos, and documents specifically. Nevertheless, it can encrypt a wide array of files that can disrupt your computer’s performance. While encrypting your files, this ransomware will append them with the ".aes256" file extension that indicates that the file was encrypted.

Once the encryption process is complete, Polski Ransomware will drop two files on your PC. !!! - - ODZYSKAJ-PLIKI - - !!!.htm" and "!!! - - ODZYSKAJ-PLIKI - - !!!.txt feature the same information. They act as ransom notes that provide information about what had happened to your PC in Polish. The note says that you have to pay 249 USD for the decryption key. It warns that if you fail to pay within 72 hours, the ransom will increase 100 % — to 498 USD. We do not recommend paying the ransom, however, because you cannot trust cyber criminals to keep their word and send you the decryption key and software. Note that you would have to message the criminals via rsapl@openmailbox.org or estion@sigaint.org email addresses. They use Sigaint.org Public Mail Server that is mostly used to help journalists and activists protect their privacy. Polski Ransomware is a highly malicious program, so it would be for the best if your PC were not infected with it. Having an anti-malware program on your PC will fend off most malicious applications.

The information we have received suggests that Polski Ransomware uses email spam to infect the computers of its victims. The developers must have set up an email server dedicated to distributing this ransomware. We think that the malicious emails should contain an attached file that downloads this ransomware onto your computer when opened. We do not know what the text inside the emails says, but we have received information that the subject line of the malicious emails is made up entirely out of numbers.

As you can see, Polski Ransomware is one malicious application that can encrypt your files and keep them that way indefinitely unless you pay the ransom. However, there is no guarantee that you will receive the decryption key and software once you have paid. Therefore, we recommend that you remove it from your PC as soon as possible and we suggest that you use a SpyHunter to detect the malicious files and then delete them manually.

How to delete Polski Ransomware

1. Go to http://www.pcthreat.com/download-sph
2. Download SpyHunter-Installer.exe
3. Install the program.
4. Run it and click Scan Computer Now!
5. Copy the file path of the malware from the scan results.
6. Press Wins+E keys.
7. Enter the file path of the malware in File Explorer’s address box.
8. Hit Enter.
9. Find and right-click the malicious files and then click Delete.