The POLSAT Ransomware is a file-locking Trojan that stops the victim's media, such as documents or images, from opening. The encryption it uses for this attack may be irreversible without the attacker's paid help. Accordingly, users should protect their files with secure backups and let anti-malware solutions block or remove the POLSAT Ransomware from their computers.
Bilingual Trojans Out Inspiring Fear
This threat's campaign locks files for profits of unknown value, although the chances are good that it expects payment in Bitcoin. While malware researchers lack definitive confirmation, they suspect that the new POLSAT Ransomware is a variant of the Phobos Ransomware family, a Ransomware-as-a-Service and offshoot of Dharma Ransomware. Whether it comes from that source or another, the POLSAT Ransomware is an effective aggressor against users without backup plans.
The POLSAT Ransomware targets Windows environments, and most compatible security solutions identify it by generic or heuristic detections rather than a dedicated signature. The Trojan's most important feature is the attack that locks the user's files: an encryption routine whose strength has not yet been analyzed. After blocking media such as documents or pictures, the POLSAT Ransomware appends a compound string to their names, which includes an ICQ contact instead of the traditional e-mail address.
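The renaming described above is what a responder first sees on an infected host, so a quick way to inventory the damage is to parse the appended suffix back off each file name. The script below is an added example and not code from the article or from the malware's authors. It assumes POLSAT follows the Phobos-family convention of keeping the original name and appending a victim-ID marker, a bracketed attacker contact and a new extension; the ID format, the ICQ handle and the ".polsat" extension in the constructed sample are assumptions, since the article only states that the suffix contains an ICQ contact. A looser fallback pattern catches variants that drop the ID marker but keep a bracketed ICQ handle.

```python
import os
import re
from collections import Counter
from pathlib import PurePath

# Added example for triaging a POLSAT-style infection; not code from the
# original article. Assumed (Phobos-family) suffix layout:
#   <original name>.id[<8 hex>-<4 digits>].[<attacker contact>].<new extension>
# The victim-ID format, the ICQ handle and the ".polsat" extension are assumptions.
LOCKED_RE = re.compile(
    r"^(?P<original>.+?)"                            # victim's original file name
    r"\.id\[(?P<victim_id>[0-9A-Fa-f]{8}-\d{4})\]"   # assumed Phobos-style victim ID
    r"\.\[(?P<contact>[^\]]+)\]"                     # bracketed attacker contact
    r"\.(?P<new_ext>[A-Za-z0-9]+)$"                  # appended extension
)

# Looser fallback: no ID marker, but a bracketed ICQ contact plus a new extension.
LOOSE_RE = re.compile(
    r"^(?P<original>.+?)\.\[(?P<contact>[^\]]*ICQ[^\]]*)\]\.(?P<new_ext>[A-Za-z0-9]+)$",
    re.IGNORECASE,
)

# Constructed sample directory listing, not taken from a real infection.
SAMPLE_NAMES = [
    "Q3_budget.xlsx.id[1A2B3C4D-2953].[ICQ@example_contact].polsat",
    "family_photo.jpg.id[1A2B3C4D-2953].[ICQ@example_contact].polsat",
    "contract.pdf.id[1A2B3C4D-2953].[ICQ@example_contact].polsat",
    "archive.tar.gz.id[1A2B3C4D-2953].[ICQ@example_contact].polsat",
    "README.id[1A2B3C4D-2953].[ICQ@example_contact].polsat",
    "old_report.doc.[ICQ@example_contact].locked",
    "notes.txt",
    "setup.exe",
]


def parse_locked_name(name):
    """Return a dict describing a locked file name, or None if the name looks clean."""
    m = LOCKED_RE.match(name)
    confidence = "strict"
    if not m:
        m = LOOSE_RE.match(name)
        confidence = "loose"
    if not m:
        return None
    d = m.groupdict()
    d.setdefault("victim_id", None)          # the loose pattern has no ID group
    d["name"] = name
    # Original extension tells you what kind of data was hit; files without one
    # (e.g. "README") are reported as "(none)" instead of being mis-parsed.
    d["orig_ext"] = PurePath(d["original"]).suffix.lstrip(".").lower() or "(none)"
    d["confidence"] = confidence
    return d


def triage(names):
    """Summarise a listing: how much was locked, of what type, and the attacker's IDs."""
    hits = [p for p in map(parse_locked_name, names) if p]
    return {
        "locked": len(hits),
        "by_original_ext": dict(Counter(p["orig_ext"] for p in hits)),
        "victim_ids": sorted({p["victim_id"] for p in hits if p["victim_id"]}),
        "contacts": sorted({p["contact"] for p in hits}),
        "originals": [p["original"] for p in hits],   # names to restore from backup
        "loose_only": [p["name"] for p in hits if p["confidence"] == "loose"],
    }


def scan_tree(root):
    """Triage every file name under a directory, e.g. a mounted disk image."""
    names = [f for _, _, files in os.walk(root) for f in files]
    return triage(names)


if __name__ == "__main__":
    for key, value in triage(SAMPLE_NAMES).items():
        print(f"{key}: {value}")
```

The "originals" list is the useful output: it is exactly the set of paths to restore from offsite backup, and the extension counts show at a glance whether only user documents were hit or whether the Trojan also reached archives and files with no extension.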
After the attack, the POLSAT Ransomware generates a pair of messages that attempt to extort money from the victims. Aesthetically, its primary ransom note resembles those of Phobos Ransomware members, in the vein of the 1500dollars Ransomware and old versions of Dharma Ransomware, as well as some other families like Globe Ransomware. A possibly illuminating addition is the extra language support: a Spanish translation accompanies the English ransom instructions. It is possible that the POLSAT Ransomware targets Spanish-speaking countries exclusively, but just as likely that it loads a different note for each new victim according to the geo-located IP address.
Protecting Files from Silver-Tongued Software
Although the POLSAT Ransomware's name may come from various Poland-based references, its payload shows that it is not necessarily restricting itself to eastern Europe. It is also very likely, if not certain, that most attacks compromise business entities, governments, or NGOs, because the files of such victims, and therefore the ransoms, are worth more. Whether at home or in the workplace, all users should consider offsite backups mandatory for protecting their digital media.
Some infection methods are more traditional than others among 2021's file-locking Trojans. Users run a high risk of infection when they leave RDP open to the Internet or without adequately strong password protection; restricting RDP to a VPN, requiring Network Level Authentication, and enforcing account lockout all limit this exposure. They also could expose their computers to the POLSAT Ransomware through e-mail tactics and their attachments, such as documents or spreadsheets with macros. Pirated downloads also are a top infection vector.
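Exposed RDP with guessable passwords is the vector a defender can actually watch for in logs, since a brute-force run leaves a burst of failed logons before the one that succeeds. The following detection logic is an added example, not code from the article, and runs over a constructed sample of Windows Security-log records as a SIEM might normalise them. The event IDs are the standard Windows ones (4625 failed logon, 4624 successful logon) and LogonType 10 is RemoteInteractive, i.e. RDP; the account names, timestamps and RFC 5737 documentation IPs are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Added example, not code from the original article: sliding-window detection of
# RDP password guessing over constructed Security-log records. 4625 = failed
# logon, 4624 = successful logon, LogonType 10 = RemoteInteractive (RDP).


def _constructed_events():
    """Build a constructed sample; none of this is from a real incident."""
    base = datetime(2021, 3, 1, 2, 14, 5)
    evts = []
    # 12 failed RDP logons in under three minutes from one source, cycling two accounts
    for i in range(12):
        evts.append({"time": (base + timedelta(seconds=14 * i)).isoformat(), "event_id": 4625,
                     "logon_type": 10, "user": "backup" if i % 3 == 0 else "Administrator",
                     "src_ip": "198.51.100.23"})
    # ...followed by a success from the same source: the guessing paid off
    evts.append({"time": (base + timedelta(minutes=3)).isoformat(), "event_id": 4624,
                 "logon_type": 10, "user": "backup", "src_ip": "198.51.100.23"})
    # a legitimate user mistyping twice, then logging in: stays below threshold
    for i in range(2):
        evts.append({"time": (base + timedelta(minutes=20, seconds=30 * i)).isoformat(),
                     "event_id": 4625, "logon_type": 10, "user": "jdoe", "src_ip": "203.0.113.7"})
    evts.append({"time": (base + timedelta(minutes=21)).isoformat(), "event_id": 4624,
                 "logon_type": 10, "user": "jdoe", "src_ip": "203.0.113.7"})
    # console failures (LogonType 2) are not Internet-facing RDP and are ignored here
    for i in range(15):
        evts.append({"time": (base + timedelta(minutes=30, seconds=i)).isoformat(),
                     "event_id": 4625, "logon_type": 2, "user": "svc_print", "src_ip": "-"})
    return evts


SAMPLE_EVENTS = _constructed_events()


def detect_rdp_bruteforce(events, threshold=10, window=timedelta(minutes=5)):
    """Flag source IPs with >= threshold failed RDP logons inside a sliding window,
    and record any later successful RDP logon from a flagged IP as a likely compromise."""
    events = sorted(events, key=lambda e: datetime.fromisoformat(e["time"]))
    recent = defaultdict(deque)   # src_ip -> (timestamp, user) of failures still in the window
    alerts = {}
    for e in events:
        if e.get("logon_type") != 10:         # only RemoteInteractive (RDP) logons matter here
            continue
        ts = datetime.fromisoformat(e["time"])
        ip = e["src_ip"]
        if e["event_id"] == 4625:
            q = recent[ip]
            q.append((ts, e["user"]))
            while q and ts - q[0][0] > window:  # expire failures older than the window
                q.popleft()
            if len(q) >= threshold:
                a = alerts.setdefault(ip, {"src_ip": ip, "first_seen": q[0][0], "failures": 0,
                                           "users": set(), "success_after_burst": []})
                a["last_seen"] = ts
                a["failures"] = max(a["failures"], len(q))
                a["users"].update(u for _, u in q)  # many users + few tries each = spraying
        elif e["event_id"] == 4624 and ip in alerts:
            alerts[ip]["success_after_burst"].append((e["user"], ts))
    for a in alerts.values():
        a["likely_compromise"] = bool(a["success_after_burst"])
    return alerts


if __name__ == "__main__":
    for ip, a in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, a["failures"], sorted(a["users"]), a["likely_compromise"])
```

The threshold and window are tuning knobs, not constants: a host with account lockout enforced will show lockout events (4740) before ten failures accumulate, while a spraying campaign shows many distinct users in the "users" set with few attempts each. A flagged IP followed by a 4624 is the case to escalate immediately, because it is the moment the attacker has a foothold and the ransomware has not yet run.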
As usual, Windows users who keep anti-malware services on their machines should be at little risk from the POLSAT Ransomware. Traditional security solutions should block the Trojan's distribution exploits and may also safely remove the POLSAT Ransomware installations, although removing the Trojan does not unlock any files it has already encrypted.
The POLSAT Ransomware hedges its bets on whom it is talking to, an English speaker or a Spanish one. Either way, it is extortion with files held at gunpoint, which is not a happy experience in any country in the world.