Bitcoin Ransomware Education: Polski

Ransomware comes in many different shapes and sizes. Some malware projects try to affect as many people as possible around the world, whereas others target specific communities. Polski ransomware falls into the latter category, and it is clearly designed to threaten Polish computer users. The entire ransom note is written in Polish and will not make much sense to people who do not speak the language. Getting rid of the malware will be challenging for everyone.

Polski Ransomware Is No Laughing Matter

This particular type of computer malware targets Polish consumers. Considering how we have seen multiple ransomware types target Ukraine these past few months, it is not entirely surprising that more such variants would show up over time. After all, there are cyber criminals who have some sort of beef with a specific country and its population. Targeting people in one’s own country is never a good idea and usually results in police involvement.

Not too much information is known about Polski ransomware at this point, other than how it encrypts one’s files and demands a Bitcoin payment to restore access. It does appear this particular malware can be used to encrypt files on local hard drives, as well as those on any external memory device connected to the machine. Network shares could be affected as well, although that has not yet been confirmed by researchers.

Distribution of this particular malware appears to occur through spam campaigns. A lot of ransomware developers have been focusing on spam campaigns as of late, as it remains one of the more reliable ways to distribute malicious software on an incredibly large scale. Many email service providers still cannot block these malicious attachments from being delivered. All emails are targeted to Polish speakers, although it is unclear how this is achieved.

Any file encrypted by Polski ransomware will show up as a blank icon in Windows Explorer and cannot be opened by any means. Once the encryption process is completed, users will see a Polish ransom note advising them to make a US$249 payment in Bitcoin. Failing to cough up the money within 72 hours will result in the required payment amount increasing by as much as 100%. This is a scare tactic, of course, and it remains to be seen if that will actually happen.

Polski ransomware is yet another type of malware which does not use a central command & control server. This tactic has become more common among cyber criminals. Not relying on centralized servers often allows them to operate under the radar for longer periods of time. It is unclear how much of a threat Polski ransomware will become, given the scope of its target user base.

Getting rid of Polski is not easy by any means. There is no free file decryptor available, and it is unclear if there ever will be. However, there is no indication that this ransomware deletes the shadow volume copies on one’s computer. This should make file recovery through a backup possible in most cases.  Keeping a backup of sensitive information is always the advised course of action, whether or not one ever has to deal with a malware attack.