Salam Ransomware

The Salam Ransomware is a threat that enters a computer and encrypts the victim's files, demanding the payment of a ransom to obtain the decryption key. Ransomware Trojans like the Salam Ransomware pose a significant threat to computer users because, even if the Salam Ransomware is removed, the victim's files remain encrypted. The Salam Ransomware was first observed infecting computers in Lithuania. Since these initial attacks, the Salam Ransomware has started to spread and carry out attacks around the world.

The Ransom Payment and Infection Process of the Salam Ransomware

The Salam Ransomware demands a ransom of 1 BitCoin if the ransom is paid within 24 hours of the infection. For each day that passes, the people responsible for the Salam Ransomware attack increase the ransom amount by 1 BitCoin, making it potentially very expensive for computer users to recover from a Salam Ransomware attack. The exchange rate for 1 BitCoin, at the time of writing, is $450 USD approximately. Once the victim's files are encrypted by the Salam Ransomware, it may become impossible to access them, and only the decryption key will allow computer users to recover their files.

There are several ways in which the Salam Ransomware may enter a computer, but the most common method for distributing threats like the Salam Ransomware is via corrupted email messages. The emails associated with the Salam Ransomware may contain a corrupted email attachment that will allow the Salam Ransomware to run automatically on the victim's computer. Even if the attachment is not opened, in some cases the email body will contain components that would allow the Salam Ransomware to enter a computer, making it very important for computer users to avoid opening unsolicited email messages and install anti-virus software and anti-spam filters on their email servers.

How the Salam Ransomware Attack Works

Ransomware Trojans like the Salam Ransomware infect a computer and drop a harmful executable file on the victim's computer. This compromised file may be associated with a corrupted DLL that will carry out the actual encryption process. The Salam Ransomware runs automatically when Windows starts up, encrypting the victim's files. The Salam Ransomware searches for common documents, images, audio, and other media files on the victim's computer and encrypts them using an advanced encryption algorithm. The Salam Ransomware then drops TXT and HTML files named “WHATHAPPENEDTOYOURFILES” with instructions for payment. The full text of the ransom notes that have been associated with the Salam Ransomware is:

Your ID: 139268
***
Hi. Your files are now encrypted. I have the key to decrypt them back.
I will give you a decrypter if you pay me. If you pay me today, the price is only 1 bitcoin.
If you pay me tomorrow, you will have to pay 2 bitcoins. If you pay me one week later the price
will be 7 bitcoins and so on. So, hurry up.

Contact me using this email address: mahammad@opensourcemail.org

Do not Pay the Salam Ransomware Ransom Amount

Paying the Salam Ransomware's ransom amount is not a recommended action. There is no guarantee that the fraudsters will restore the files or deliver on their promises. Even worse, paying the Salam Ransomware's ransom further finances these people to continue creating threats like the Salam Ransomware, or making this threat even more effective. Instead, PC security researchers advise computer users to take precautionary measures to ensure that they are safe from threats like the Salam Ransomware. PC security analysts advise that computer users should use a fully updated and reliable security program at all times. They also should refrain from opening unsolicited email messages. Most importantly, computer users should backup all of their files on an external device or the cloud. Even the most expensive backup services and methods cost a fraction of the amount demanded by the people responsible for the Salam Ransomware and similar encryption ransomware Trojans.

SpyHunter Detects & Remove Salam Ransomware