Salam Ransomware

Salam Ransomware is the newest follower of Rush Ransomware, Cerber Ransomware, and other well-known infections. Although it is unknown whether or not all of these ransomware threats were created by the same cyber criminals, they function in similar ways. First, they use deception to slither into the target computer. Next, they use encryption algorithms to encrypt certain files (mostly personal files). Finally, they represent the demands that usually involve paying a ransom. Unfortunately, once in action, this malware cannot be stopped easily. For example, if you remove Salam Ransomware – which is not incredibly difficult to do – your personal files will remain locked. Although it is important to delete this malware, you have to do this after you decide whether or not you want to pay the ransom. You can learn more about this by reading our report.

After testing Salam Ransomware in our internal lab, we found that this infection encrypts files that represent documents and images. Although this threat does not attach a bogus extension to the encrypted files, you will easily identify them when you cannot open them. Your photos, PDFs, and other files will become inaccessible. Once the encryption is successfully completed (without your notice), this infection will show a notification explaining what you supposedly need to do to restore your files. Note that this notification will disappear after you restart your computer; however, you can access it via the WHATHAPPENDTOYOURFILES.TXT file that is placed on the Desktop, as well as every directory containing encrypted files. Even if you manage to delete all copies of this file from every location, your files will remain encrypted. On top of that, you will lose information that might help you contact cyber criminals.

Your ID: [number]
* * *
Hi. Your files are now encrypted. I have the key to decrypt them back.
I will give you a decrypter if you pay me. If you pay me today, the price is only 1 bitcoin.
If you pay me tomorrow, you will have to pay 2 bitcoins. If you pay me one week later the price
will be 7 bitcoins and so on. So, hurry up.
Contact me using this email address: mohammad@opensourcemail.org

Your ID number is meant to help the creator of Salam Ransomware to figure out which decryption key to send you. Of course, that does not mean that you should follow their demands and contact them via the provided email address. Unfortunately, users are intimidated by the increasing ransom that starts with 1 Bitcoin (currently amounts to $413) and increases by one Bitcoin every day indefinitely. Even 1 Bitcoin is a lot of money, and not all users will have that sum lying around. If you believe that the files encrypted are not worth that much money, you can delete Salam Ransomware without further delay. You can also proceed with the removal if your personal files are backed up, and you can easily restore them after getting rid of the ransomware. If you decide that you want to pay the ransom, keep in mind that cyber criminals might fool you. No one can guarantee you that your files would be decrypted if you acted as instructed.

It is imperative that you delete Salam Ransomware from your operating system, even if you follow the instructions given to you and pay the ransom. It is just as important to reinforce your virtual protection to prevent malicious programs, including ransomware, from attacking you in the future. Only if you erase this ransomware, will you disable connection to the videodrome69.com server and eliminate the possibility of having your personal files encrypted again. Unfortunately, that is not enough to ensure full-time Windows protection. Our recommendation for you is to employ automated malware detection and removal software to clean your PC and ensure its protection. If you want to erase this ransomware manually, there are a few steps that you need to make.

Salam Ransomware Removal

1. Launch Explorer by tapping Win+E keys.
2. Unhide and show hidden files, folders, and drives by modifying folder options:
   • Windows XP: click Tools, select Folder Options, click the View tab, and modify the settings.
   • Windows Vista/Windows 7: click Organize, select Folder and search options, click the View tab, and modify the settings.
   • Windows 8/Windows 8.1/Windows 10: click View, click Options, click the View tab, and modify the settings.
3. Enter %AppData% into the address bar.
4. Right-click and Delete files with random names (in our case it was five files called 758275 (the number of the ID), MatchstickHeterospory, System.dll, tribologists.dll, UniKS-UTF32-V).

Once you eliminate this ransomware, implement a malware scanner to inspect your operating system. Considering that this ransomware can slither in via spam emails or hide within software bundles, it is possible that other unreliable programs have slithered into your operating system without your notice.