Andrzej Dupa Ransomware is recently discovered malware. The fact that it is new does not mean that there is something very unique about it. What distinguishes it from other similar threats categorized as ransomware is the fact that it may be a Polish version of the ransomware infection analyzed by our researchers some time ago – BansomQare Manna Ransomware. Also, unlike the majority of analyzed threats, it has two versions of the ransom note. Frankly speaking, there is a relatively small possibility to encounter this infection because it is not a prevalent threat, but we, unfortunately, cannot guarantee that it will not evolve into a “massive” malware campaign in the future, so we want to inform you about it so that it would be easier for you to prevent it from entering your system. If it is already too late for prevention, you must remove Andrzej Dupa Ransomware immediately to make sure it is not launched again and cannot encrypt more files on your computer. Yes, this malicious application locks files, which is the main reason it is considered harmful malware.
The successful entrance of Andrzej Dupa Ransomware will not bring anything positive to your life because this malicious application has been only developed to lock users’ personal files. There is a very huge possibility that you will find your documents, music, and other important files encrypted completely on your system after its entrance. A bunch of other ransomware infections act the same, but you can be sure that Andrzej Dupa Ransomware is the one that has affected them if they contain the .ZaszyfrowanePliki extension and you cannot access them in any way. If this threat is the one you have encountered, you should also be able to find a .txt file (ZaszyfrowanePliki.txt) with a message in all affected locations. As mentioned, there are two versions of the same ransom note available. They are quite similar. The only difference between them is that one of them contains a Bitcoin wallet address and the amount of money users have to send to get the decryption tool indicated. It seems that cyber criminals behind Andrzej Dupa Ransomware want $100 only, which is quite cheap if compared to the size of the ransom other threats demand from users, but it does not mean that you should make a payment. It should be noted that malware analysts are not 100% sure that Andrzej Dupa Ransomware has been developed to steal money from users. There is a slight possibility that it has been created for educational/testing purposes only. It does not mean that you can keep your system unprotected.
Since you already know how Andrzej Dupa Ransomware works, we should talk about its distribution too. This malicious application is not prevalent, so it may be too early to make conclusions about its distribution, but we already know one thing for sure – no users install this infection on their computers consciously. According to our experienced specialists who have already analyzed hundreds of ransomware-type infections, these threats are often distributed via spam emails. They may travel as attachments, or users might find malicious links inside emails they receive. Of course, they do not know that these links and attachments are malicious. It is quite a popular ransomware distribution method, but it is only one of several methods used. As researchers have observed, users might download malware from dubious websites themselves too. Without a doubt, in this case, malware is spread masqueraded as some kind of beneficial program or, for example, a popular film.
It is impossible to turn the clock back and prevent Andrzej Dupa Ransomware from entering the system if you have already encountered it, but you can delete it from your PC whenever you want to. If you use our manual removal guide (you will find it at the very end of this report), you should not face any problems during the Andrzej Dupa Ransomware removal. Of course, none of your files will be decrypted, but do not hurry to remove them – free decryption software that can unlock files encrypted by this infection is available. It can be downloaded from the web. This malicious application can also be disabled with an automated malware remover. If you delete malware automatically, your files will stay encrypted too.