If you are greeted with a screen-size notification with the word “Slam” attached at the top, you might have become a victim of Salam Ransomware. This ransomware is not special in any way, and the only thing that has surprised our malware analysts is that the ransom demanded is increased every 24 hours. It appears that this ransomware does not have an expiration date, and it is ready to take hold of your personal files for as long as needed. Most infections, including Rush Ransomware and Maktub Ransomware, provide users with a limited time frame. Unfortunately, this means that the price for your files’ decryption can grow immensely, and the starting price is already big. The initial ransom is 1 BTC, and, as you might now, Bitcoins is a virtual currency. If you do not make the payment within 24 hours, the ransom, allegedly, will increase to 2 BTC (830 USD). If you are not willing to pay money – and there is, at least, one reason why you should not – the first thing you need to do is delete Salam Ransomware.
The first thing we analyzed was the distribution of Salam Ransomware. This threat is not unique when it comes to the distribution, and, just like most ransomware infections, its installer is likely to be attached to a corrupted spam email. When you interact with the attached file or visit the site linked, you are likely to execute the infection without even realizing it. Once installed, this devious threat starts encrypting your personal photos and documents silently. According to our research, this ransomware connects to videodrome69.com/knock.php?id=758275. It is likely that this server will be employed to store the installer of this threat or the decryption key that is created after the encryption. This decryption key is what is meant to persuade you into paying the ransom. Although many creators of ransomware infections fulfill their promises to decrypt files once the payment is processed, we have also seen infections that take the money without providing decryption services. Are you willing to risk 400 dollars for your personal files? If these files are really important to you, and you cannot retrieve them in another way, you might have to take the risk. Of course, we do not advise that.
The demands of Salam Ransomware are represented via a notification that shows up on your screen when the files are encrypted. The same notification also comes in a form of a text file called “HATHAPPENDTOYOURFILES.TXT”. It will be impossible to miss this file because it will be created on your Desktop and everywhere where encrypted files exist. This TXT file includes an ID and an email address which, allegedly, you can use to contact the creator of this ransomware. If you email this address, you might get further instructions on how to pay the ransom. There is no way of knowing when cyber criminals would write you back, and your ransom payment might increase by the time they do. Of course, if you are 100% sure that you want to take the risk and pay the ransom, you will have to play by the rules given to you. Well, even if you pay the ransom, and your files get decrypted (remember that it is unknown whether or not this would happen), you will have to remove the ransomware from your PC.
Are your photos stored on an external drive and your important documents are backed up as well? If this is the case, why have you not removed Salam Ransomware yet? Unfortunately, not all users will be this lucky. Some will choose to sacrifice their files because communicating with cyber criminals is risky, plus, the sum required is very big. Other users will pay the ransom. In any case, this ransomware requires immediate removal, and we have created a simple guide that will help you erase this threat. The only complicated part is the identification of malicious files. If you find that you are unable to identify which files belong to the ransomware, we advise installing anti-malware software to have them eliminated automatically. If you want to keep your operating system free from malware in the future, make sure you update this anti-malware software regularly. See the comments section below? Post your questions, if you have any, and your feedback.