.##___POLICJA!!!___TEN_PLIK_ZOSTA File Virus - Remove and Restore Files


This article will help you to remove the .##___POLICJA!!!___TEN_PLIK_ZOSTA File Virus (Jigsaw ransomware) fully. Follow the ransomware removal instructions given at the end of the article.

The .##___POLICJA!!!___TEN_PLIK_ZOSTA File Virus is part of the Jigsaw ransomware family. The cryptovirus uses the source code of the original Jigsaw. It has a list of around 126 file extensions that it seeks to encrypt. All files that get encrypted will have the extension .##___POLICJA!!!___TEN_PLIK_ZOSTA appended to them. Afterward, a ransom note is displayed demanding 997 US dollars in Bitcoin as ransom.

Threat Summary

Name: .##___POLICJA!!!___TEN_PLIK_ZOSTA File Virus
Type: Ransomware, Cryptovirus
Short Description: The ransomware will encrypt your files and display a screen with the ransom note, which is themed around a Polish Police department.
Symptoms: The ransomware will encrypt files and append the .##___POLICJA!!!___TEN_PLIK_ZOSTA extension to all of them.
Distribution Method: Spam Emails, Email Attachments

.##___POLICJA!!!___TEN_PLIK_ZOSTA File Virus (Jigsaw) – Spread

Jigsaw ransomware could infect computers using different methods for spreading that infection. Spam e-mails could be spreading its payload dropper. Those types of emails will try to convince you that something important is attached as a file to that e-mail. In actuality, the attachment will look like a legitimate document or one that is archived, but it is a file containing a malicious script. If you open that file, it will launch the payload for the ransomware. You can preview the analysis of one such file on the VirusTotal service:

Jigsaw ransomware might be using other methods for spreading, like putting the payload file dropper via social media and file-sharing sites. Freeware applications which roam the Internet could be presented as useful but also could hide the malicious files of this virus. Refrain from opening files after you download them, especially if they come from unverified sources, such as links and e-mails. First, you should scan these files with a security tool, and also make sure to check their sizes and signatures for anything that seems unusual. You should read the ransomware preventing tips topic in the forum.

.##___POLICJA!!!___TEN_PLIK_ZOSTA File Virus (Jigsaw) – Overview

The Jigsaw ransomware virus keeps appearing on the radar of malware researchers. This variant displays a ransom note and is themed around a Polish Police department.

The following picture is used by the ransomware virus:

When the Jigsaw virus is executed, it will modify an existing entry in the Windows Registry or create a new one to achieve persistence. That registry entry makes the malware execute automatically with each boot of the Windows operating system. Afterward, your files will get encrypted and receive the same extension.

Usually, what comes next is a window popping up on your screen that shows the picture with police officers and text being typed out with green letters. That text is the ransom message with information and instructions for payment.

The original ransom note message is written in the Polish language:

UWAGA, UWAGA!!! Tu komenda wojewódzka policji, wydział ds. cyberbezpieczeństwa

Nasze systemy monitorujące bezpieczeństwo w sieci wykryły po raz kolejny
masowe rozprzestrzenianie złośliwego oprogramowania, badź treści
pornograficznych z udziałem osób nieletnich!!!
w Polskim prawie są to bardzo ciężkie przestępstwa, za które grozi
kara pozbawienia wolności nawet do lat 12-stu!!!
Zdajemy sobie sprawę z tego, że pliki osobiste mogą być potrzebne Państwu,
w każdym momencie, dlatego dajemy Nam 100-procentową gwarancję odblokowania ich, ale
wyłącznie po opłaceniu grzywny w BTC (BITCOIN) na rzecz Fundacji **Polsat**!!!
w przypadku nie dokonania płatności w ciągu 3 dni wszystkie zablokowane pliki
zostaną definitywnie usunięte z dysku!!!!!!
Nie wyłączaj komputera przed dokonaniem płatności, gdyż wtedy automatycznie
usunę permanentnie 1000 plików!!!

Czas podjąć decyzję…

A machine translation of the message in English looks like the following:

Here is the provincial police department, cybersecurity division.


Our network security monitoring systems have detected once again
mass proliferation of malicious software, research content
pornographic with the participation of minors !!!
in Polish law they are very serious crimes, for which they are threatened
imprisonment up to 12 years !!!
We are aware of the fact that personal files may be needed by you,
at any time, that’s why we give us a 100% guarantee of unlocking them, but
only after paying the fine in BTC (BITCOIN) for the Foundation ** Polsat ** !!!
if you do not make the payment within 3 days, all blocked files
will definitely be removed from the disk !!!!!!
Do not turn off your computer before making a payment, because then automatically
I will permanently delete 1000 files !!!

It’s time to make a decision …

On top of that a little window will pop up with the following message:

Proszę wysłać co najmniej $997 na podany poniżej portfel BTC:

That translates in English to:

Please send at least $997 to the BTC wallet below:

Jigsaw (.##___POLICJA!!!___TEN_PLIK_ZOSTA File Virus) tries to manipulate you into paying the 997 US dollar ransom by stating that it will delete files from your PC every hour until you pay and that there is nothing else you can do to prevent that. But you should NOT under any circumstances pay the ransom. Supporting cybercriminals is a bad idea, as it will only motivate them to commit more criminal acts.

.##___POLICJA!!!___TEN_PLIK_ZOSTA File Virus (Jigsaw) – Encryption

A decrypter tool might be made to decrypt files locked by this ransomware threat in the near future.

In case the cryptovirus follows the encryption process of the original ransomware, the list with 126 file extensions that will become encrypted will look like the following:

→.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as.txt, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .dxf.c, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .zip

The list of targeted file extensions will be updated if new information is found about it. The encrypted files will have the .##___POLICJA!!!___TEN_PLIK_ZOSTA extension appended after their file name.
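Because the extension is appended to the original file name, affected files can be enumerated and matched against a backup to see what is recoverable. The following is an added example, not code from the original article; the function names and the infected/backup directory layout are assumptions, and the demo tree is constructed.

```python
import os
import tempfile

MARKER = ".##___POLICJA!!!___TEN_PLIK_ZOSTA"  # appended extension named in the article

def restore_plan(infected_root, backup_root):
    """List (relative original path, found_in_backup) for every marked file."""
    plan = []
    for dirpath, _dirs, files in os.walk(infected_root):
        for name in files:
            # Case-insensitive match; skip a file whose whole name is the marker.
            if len(name) <= len(MARKER) or not name.lower().endswith(MARKER.lower()):
                continue
            # Stripping the marker recovers the pre-encryption file name.
            original = os.path.join(dirpath, name[:-len(MARKER)])
            rel = os.path.relpath(original, infected_root)
            plan.append((rel, os.path.isfile(os.path.join(backup_root, rel))))
    return sorted(plan)

def _touch(path):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    open(path, "w").close()

def demo():
    """Build a constructed directory tree and return its restore plan."""
    with tempfile.TemporaryDirectory() as tmp:
        infected = os.path.join(tmp, "infected")
        backup = os.path.join(tmp, "backup")
        _touch(os.path.join(infected, "docs", "report.docx" + MARKER))
        _touch(os.path.join(infected, "docs", "notes.txt" + MARKER.lower()))
        _touch(os.path.join(infected, "pics", "cat.jpg"))    # untouched file
        _touch(os.path.join(backup, "docs", "report.docx"))  # only one file backed up
        return restore_plan(infected, backup)

if __name__ == "__main__":
    for rel, ok in demo():
        print(f"{rel}: {'restore from backup' if ok else 'no backup copy found'}")
```

Run it read-only against a mounted image or copy of the affected disk, so the inventory itself does not alter evidence or files a later decrypter might need.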

The Jigsaw ransomware could be set to erase all the Shadow Volume Copies from the Windows operating system with the help of the following command:

→vssadmin.exe delete shadows /all /Quiet

If the command stated above is executed, it makes the attack more effective, as it eliminates one of the possible ways of restoring your data. If your computer was infected with this ransomware and your files are locked, read on to find out how you could potentially recover your data.
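For detection, the shadow-copy deletion command above can be matched in process-creation logs by parsing the command line, not by substring search. The following is an added example, not code from the original article; the sample events are constructed and the severity labels are assumptions.

```python
import re

# Constructed process-creation command lines for illustration (not from the article).
SAMPLE_EVENTS = [
    r'C:\Windows\System32\vssadmin.exe delete shadows /all /Quiet',
    r'"C:\Windows\system32\VSSADMIN.EXE" Delete Shadows /All /quiet',
    r'vssadmin delete shadows /quiet /all',
    r'vssadmin list shadows',
    r'vssadmin.exe delete shadows /for=C: /oldest',
    r'notepad.exe C:\notes\vssadmin delete shadows.txt',
]

def classify(cmdline):
    """Return 'critical', 'high', 'medium' or None for one command line."""
    # Split into tokens, keeping a double-quoted image path as a single token.
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]
    if not tokens:
        return None
    # Compare only the executable's base name, case-insensitively.
    image = tokens[0].replace("\\", "/").rsplit("/", 1)[-1].lower()
    if image not in ("vssadmin", "vssadmin.exe"):
        return None
    args = [t.lower() for t in tokens[1:]]
    if args[:2] != ["delete", "shadows"]:
        return None
    flags = set(args[2:])
    if "/all" in flags:
        # /quiet suppresses the confirmation prompt, typical of scripted use.
        return "critical" if "/quiet" in flags else "high"
    return "medium"

def scan(events):
    """Return (severity, command line) for every event that matches."""
    hits = []
    for event in events:
        severity = classify(event)
        if severity:
            hits.append((severity, event))
    return hits

if __name__ == "__main__":
    for severity, event in scan(SAMPLE_EVENTS):
        print(f"[{severity}] {event}")
```

The last sample event shows why matching the executable name matters: a document whose path merely contains the words is not flagged.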

Remove Jigsaw Ransomware and Restore .##___POLICJA!!!___TEN_PLIK_ZOSTA Files

If your computer got infected with the Jigsaw ransomware virus, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible, before it has the chance to spread further and infect other computers. You should remove the ransomware and follow the step-by-step instruction guide provided below.

Tsetso Mihailov
