Vortex Ransomware

Vortex Ransomware is one of those malicious programs that can cause you many problems. We have tested it and found that it can encrypt your files so you have to have an anti-malware program that could detect and remove it before it can do anything. If this program were to encrypt your files, then all you can do is pay the ransom because there is no free decryption key available at this time. The good news is that it is limited in the types of files it can encrypt, so you can avoid sustaining a lot of damage. This particular program was made by Polish cyber criminals for the Polish demographic as all of the text it has is in the Polish language.

Our research has shown that this particular ransomware uses the AES-256 encryption algorithm. It features a 256-bit length key that is used to encrypt the files. As far as we know, the unique key of this particular ransomware cannot be decrypted. Furthermore, this ransomware creates a unique key for each victim and, therefore, a unique decryption key is also needed. Vortex Ransomware should create a private decryption key that is sent to the command and control server (C&C) and you can receive it upon paying the ransom, or so it would seem.

While encrypting your files, this particular ransomware will append your files with an “.aes” file extension. As mentioned, this program only encrypts certain types of files. Our analysis has revealed that it encrypts pictures and images only. Hence, it was set to target content that has added value for which you would be compelled to pay the hefty ransom.

Once it finishes encrypting the files, Vortex Ransomware drops a ransom note in the form of a text file named ODZSZYFRUJ-DANE.TXT. The text inside this file is in Polish only. It says that you have to contact the developers via one of the two provided email addresses (rsapl@openmailbox.org and polskiransom@airmail.cc) to get further instructions on how to pay the 200 USD ransom. The criminals claim that they can decrypt two of your encrypted files for free. You have to send the encrypted files, and they should send you them back decrypted. The note also says that you have to pay within four days or the payment will increase by 100 %. So, this malware is no joke and can encrypt your most cherished photos and demand money.

If your computer has not been infected with Vortex Ransomware, then you should know how it is distributed so that you could avoid getting it. Our research has revealed that the developers distribute this ransomware via email spam. Therefore, we assume that they must have set up an email server dedicated to sending email spam that features this ransomware. As far as we know, the emails have an attached file that contains this ransomware. The file might be a zipped file archive that you can either open or extract.

Vortex Ransomware is just one of hundreds of ransomware-type applications that can secretly infect your computer and encrypt your personal files. Therefore, protecting your PC from these kinds of programs is of utmost importance. Having an antimalware on your PC can mean the difference between fending off an infection and getting your personal files ruined beyond repair. In the case of Vortex Ransomware, we recommend that you use SpyHunter to detect and delete it. Nevertheless, you can also opt for manual removal, but the executable is named randomly, and it can also be placed in a hidden location. The sample we have tested dropped the main executable in either %USERPROFILE%\Downloads or %TEMP%. Please consult the guide below or use our featured anti-malware application.

How to delete Vortex Ransomware manually

1. Hold down Windows+E keys.
2. Type the following file paths in File Explorer’s address box and press Enter.
   • %USERPROFILE%\Downloads
   • %TEMP%
3. Find the executable.
4. Right-click it and click Delete.
5. Empty the Recycle Bin.