The Polis Ransomware is a harmful threat designed specifically to lock the data of its victims. Ransomware threats are typically equipped with strong encryption routines that make restoring the affected file types practically impossible without the proper decryption keys. The cybercriminals use the encrypted files to blackmail their victims into paying a significant ransom.
When the Polis Ransomware locks a file, it also appends '.polis' to that file's original name. Victims will also discover an unfamiliar text file named 'Restore.txt' on the breached devices. The file contains a ransom note with instructions from the Polis Ransomware's operators. According to the message, the attackers run a double-extortion scheme.
Indeed, the ransom note claims that important and valuable data, such as databases, email messages, documents, PDFs, and other file types, has been exfiltrated to servers controlled by the attackers. Victims are given 2 days to establish contact before their data is released to the public. Two email addresses are provided in the message for this purpose - 'firstname.lastname@example.org' and 'email@example.com.'
The full text of Polis Ransomware's ransom note is:
'YOUR FILES ARE ENCRYPTED!!
Hi! We have blocked your files and also uploaded useful data from your computers(SQL database, your mail messages, doc, docx, pdf, xls and other office files extensions) to our servers.
You have 2 days to contact us to discuss the terms of payment for our services to restore your files.
If you do not contact us or refuse to pay, we will place your stolen files in the public domain.
Do not change the file names and extensions.
Do not try to decrypt the files yourself, they are encrypted using a good encryption algorithm.
Backup mail(if we don't reply 24 hours):
At the first contact, you can write to both emails for reliability.'
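For incident triage, the two on-disk indicators described above (the appended '.polis' extension and a 'Restore.txt' note opening with the quoted first line) can be swept for per directory. The script below is an added example, not part of the original write-up; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_SUFFIX = ".polis"               # appended to locked files (from the page)
NOTE_NAME = "Restore.txt"                 # ransom note file name (from the page)
NOTE_MARKER = "YOUR FILES ARE ENCRYPTED"  # first line of the note (from the page)

def _looks_like_note(path, limit=4096):
    """Read only the head of the file; a benign Restore.txt lacks the marker."""
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            return NOTE_MARKER in fh.read(limit).upper()
    except OSError:
        return False

def scan_tree(root):
    """Walk root and collect, per directory, locked files and note presence."""
    report = defaultdict(lambda: {"encrypted": [], "note": False})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            low = name.lower()
            if low.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                # Stripping the appended suffix recovers the original file name.
                report[dirpath]["encrypted"].append(name[:-len(ENCRYPTED_SUFFIX)])
            elif low == NOTE_NAME.lower() and _looks_like_note(os.path.join(dirpath, name)):
                report[dirpath]["note"] = True
    return dict(report)

def summarize(report):
    """Return (directories showing both indicators, total locked files)."""
    confirmed = sorted(d for d, r in report.items() if r["encrypted"] and r["note"])
    return confirmed, sum(len(r["encrypted"]) for r in report.values())

def build_sample(root):
    """Constructed sample tree: one affected directory, one benign one."""
    hit, clean = os.path.join(root, "finance"), os.path.join(root, "docs")
    files = {os.path.join(hit, "ledger.xlsx.polis"): "", os.path.join(hit, "db.sql.polis"): "",
             os.path.join(hit, NOTE_NAME): "YOUR FILES ARE ENCRYPTED!!\n",
             os.path.join(clean, NOTE_NAME): "Steps to restore the test database.\n"}
    for path, text in files.items():
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
    return hit, clean

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        confirmed, total = summarize(scan_tree(tmp))
        print(f"{total} locked files; directories with both indicators: {confirmed}")
```

Requiring the note marker as well as the file name keeps an unrelated 'Restore.txt' from being counted, and the recovered original names give a list to match against backups.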