POLINA Ransomware

Cybersecurity experts are warning users about another hurtful ransomware threat. The malware is being tracked as the POLINA Ransomware and its encryption process can affect numerous different file types. Like most threats of this type, the POLINA Ransomware will leave the victim's data in an unusable and inaccessible state. All impacted files will have '.POLINA' appended to their original names.

The threat also will drop a text file named 'READ_HELP.txt' on the infected devices. Inside the file is a ransom note with instructions for the malware's victims. According to the message, the attackers demand to be paid a ransom in exchange for sending back a supposed decryption software tool. However, these claims are completely unsubstantiated, as the ransom note lacks the typical offer of decrypting a couple of small files for free. Instead, the only meaningful details it contains are an email address and a Telegram account - 'myfilesrecovery@proton.me' and 'hxxps://t.me/filesrecovery,' which can be used as communication channels. 

The full text of the delivered ransom-demanding message is:

'All of your files have been ENCRYPTED with POLINA RANSOMWARE

Your computer was infected with a ransomware. Your files have been encrypted and you won't

be able to decrypt them without our help.

What can I do to get my files back?

You can buy our special decryption software, this software will allow you to recover all of your data and remove the

ransomware from your computer.

Email our team at: myfilesrecovery@proton.me OR TELEGRAM: hxxps://t.me/filesrecovery

Don't worry, you can return all your files!'