Home / Spyware Help / Polski Ransomware Removal Guide

Polski Ransomware Removal Guide

by 0 Comments

Do you know what Polski Ransomware is?

Polski Ransomware is a malicious application that was created to infect your computer, encrypt your personal files, and demand that you pay a ransom for the decryption key. However, paying the ransom can be a bad idea because there is no way of knowing whether its developers will send you the decryption tool and key. Therefore, you should consider removing it because you might be throwing your money away by paying the ransom. Our malware researchers have tested this ransomware and, in this article, we will discuss their findings.

From the outset, it was clear that Polski Ransomware was created by Polish cyber criminals. Researchers say that all of the information in the ransom note is in the Polish language as well. Hence, it should be distributed in Poland only. Malware analysts say that Polski Ransomware’s developers should have set up an email server that distributes this ransomware by spamming potential victims with emails. One distinctive feature we know of is that the emails are a signed a unique number that can be seen from the subject line. So if you get an email with a subject line such as “61621122” (without quotes), then rest assured that it features this ransomware. Researchers say that the emails should feature an attached file that will download this ransomware onto your computer if you open it. The nature of this dropper file is unknown, but it could be a JavaScript file that will run a malicious script and download this ransomware secretly.

If Polski Ransomware were to enter your computer, then you would be in much trouble. Our cyber security specialists have concluded that this ransomware uses the AES-256 encryption algorithm with a 256-bit length key. This sort of key is often used by ransomware developers and is rather strong. Researchers say that it should generate a public encryption key and a private decryption key that is sent to the command and control server.Polski Ransomware Removal GuidePolski Ransomware screenshot
Scroll down for full removal instructions

Polski Ransomware was set to target images, documents, file archives, and other file types. It encrypts the most common file formats that store personal information that can be valuable to the user. Hence, this ransomware’s developers do everything they can to compel you to pay the ransom. On a side note, Polski Ransomware appends the encrypted files with the ".aes256" file extension, so you could know which files were encrypted.

Once this ransomware has completed encrypting your files, it will drop two file named "!!! - - ODZYSKAJ-PLIKI - - !!!.htm" and "!!! - - ODZYSKAJ-PLIKI - - !!!.txt." Both of these files feature the same exact ransom note in Polish. The note demands that you pay 249 USD within 72 hours because if you do not, then the ransom will increase 100%. However, you should not pay anything because there is no guarantee that the criminals will send you the decryption key and tool needed to get your files back. To contact the criminals and receive information on how to pay the ransom the note asks to message rsapl@openmailbox.org or estion@sigaint.org. Again, you should not comply with the criminals’ demands.

In closing, Polski Ransomware is a dangerous ransomware that can infect your PC secretly via email spam. It was configured to encrypt file types that feature personal information ad demand that you pay a ransom to get your files back. You should refrain from paying the ransom because you might not get what you were promised. We suggest that you simply remove Polski Ransomware and try to restore your files from backups, if you have any. We suggest using SpyHunter’s free scanner to detect the malicious files and then delete them manually.

Removal Guide

  1. Go to http://www.spyware-techie.com/download-sph
  2. Download SpyHunter-Installer.exe
  3. Install the program and run it.
  4. Click Scan Computer Now!
  5. Copy the file path of the malware from the scan results.
  6. Press Windows+E keys.
  7. Enter the file path of the malware in File Explorer’s address box.
  8. Press Enter.
  9. Locate, right-click the malicious files and click Delete.
  10. Empty the Recycle Bin.

In non-techie terms:

Polski Ransomware is a highly malicious application that was created to encrypt your files and demand that you pay money for the decryption key needed to decrypt them. It can infect your PC if it is not protected by an anti-malware program. Because it is likely that its creators will not give you the decryption key after you pay, we recommend that you remove it as soon as you can.