The Poliex Ransomware is a ransomware threat that was detected by a researcher operating under the Twitter name dnwls0719. The threat has not been classified as belonging to any of the established ransomware families, but its behavior is typical of malware of this type. The Poliex Ransomware attempts to breach computers, run an encryption process, and lock nearly all data stored on the infected devices. Afterward, affected users are extorted for money in exchange for the decryption key and tool held by the cybercriminals.
Poliex Ransomware's Characteristics
Whenever the threat encrypts a file, it marks it by appending '.Poliex' to that file's original name. Its ransom note is dropped on the compromised system as a text file named 'README.txt'. Instead of leaving extensive instructions and warnings to its victims, the Poliex Ransomware delivers an extremely short note that nonetheless contains the two most important details in these situations: the sum demanded by the hackers and the communication channel that can be used to reach them. Apparently, the cybercriminals want to receive exactly $500 and can be reached via the Telegram account mentioned in the note.
Victims of ransomware infections should not rush into contacting and negotiating with the operators of the malware. Doing so could expose them to additional security risks, and they may send the requested amount without receiving anything in return, only deepening the losses incurred from the attack.
The text of the Poliex Ransomware's note is:
'Hello. All your files are encrypted. Do you want to decrypt your files?
price 500$. Our Telegram: hxxps://t.me/Poliex'
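A triage sketch built on the two indicators described above (the appended '.Poliex' extension and the 'README.txt' note), added here as an example and not taken from the original write-up or from any vendor tool. The function names and the sample directory tree are constructed for illustration; the note is confirmed by its content because README.txt is also a common legitimate file name.

```python
import os
import tempfile

EXT = ".poliex"                      # appended extension, compared case-insensitively
NOTE_NAME = "readme.txt"             # ransom note file name from the write-up
NOTE_MARKERS = ("all your files are encrypted", "t.me/poliex")  # from the note text

def is_poliex_note(path):
    """README.txt is a common name, so confirm by content, not by name alone."""
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read(4096).lower()   # the note is only two lines long
    except OSError:
        return False
    return all(m in text for m in NOTE_MARKERS)

def scan(root):
    """Return {'encrypted': [(path, original_name)], 'notes': [path]} under root."""
    report = {"encrypted": [], "notes": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(EXT) and len(name) > len(EXT):
                report["encrypted"].append((full, name[:-len(EXT)]))
            elif lower == NOTE_NAME and is_poliex_note(full):
                report["notes"].append(full)
    return report

def build_sample(root):
    """Constructed sample tree: only file names and text, no real malware artifacts."""
    os.makedirs(os.path.join(root, "docs"))
    os.makedirs(os.path.join(root, "project"))
    for rel, body in {
        "docs/budget.xlsx.Poliex": "x",
        "docs/photo.jpg.POLIEX": "x",
        "docs/README.txt": "Hello. All your files are encrypted.\nOur Telegram: hxxps://t.me/Poliex",
        "project/README.txt": "Build instructions for the project.",
        "project/main.c": "int main(void){return 0;}",
    }.items():
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        result = scan(tmp)
        print(len(result["encrypted"]), "renamed files;", len(result["notes"]), "ransom notes")
```

The recovered original names give a quick inventory of what needs restoring from backup, and the directories holding confirmed notes indicate where the encryption routine ran.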