What is Polis Ransomware?

Polis is the name of a newly discovered strain of file-encrypting malware, also known as ransomware. The new ransomware variant does not belong to any of the larger ransomware clone families.

Polis will encrypt the victim system, leaving only files essential to Windows intact. Encrypted file types will include all commonly used media, document, database and archive extensions.

Encrypted files receive a new extension in the form of the ".polis" string. This will turn a file called "image.jpg" into "image.jpg.polis" upon encryption.

The ransomware drops its ransom demands inside a plain text file called "Restore.txt". The operators of Polis decided to use double extortion tactics, as the ransom note threatens to leak all stolen files. The full ransom note goes as follows:


Hi! We have blocked your files and also uploaded useful data from your computers(SQL database, your mail messages, doc, docx, pdf, xls and other office files extensions) to our servers.

You have 2 days to contact us to discuss the terms of payment for our services to restore your files.

If you do not contact us or refuse to pay, we will place your stolen files in the public domain.

Do not change the file namesand extensions.

Do not try to decrypt the files yourself, they are encrypted using a good encryption algorithm.

Main Mail:

zdarovachel at gmx dot at

Backup mail(if we don't reply 24 hours):

decryptydata2 at gmx dot net

At the first contact, you can write to both email
s for reliability.

September 21, 2022