Remove Salsa222 File Ransomware Virus

How to Remove Salsa222 Ransomware?

Salsa222 or just Salsa, as it’s otherwise known, is the name of a ransomware infection. It invades your system via trickery and deceit. And, once it slithers its way in, takes over. The infection spreads its clutches throughout, and encrypts everything. All your data falls under its grip. It’s not yet clear whether the tool uses symmetric or asymmetric cryptography. But, whichever one it is, it does the trick. Once the program completes the encryption process, your data is no longer accessible. You cannot open anything. Pictures, videos, music, documents. Salsa222 adds a special attachment at the end of each file to solidify its control. Say, you have a picture called ‘me.jpg.’ It becomes ‘me.jpg.salsa222.’ Apart from the name-change, you also come to find your Desktop picture got switched. And, there’s a new folder on your Desktop. It’s named CLICK HERE TO UNLOCK YOUR FILES SALSA222, and it contains a variety of HTML files.

READ CAREFULLY IF YOU WANT YOUR FILES BACK!
Your computer has been locked and your files are encrypted.
A one-time payment is required to restore access.
PRICE WILL DOUBLE IF PAYMENT IS LATE. FILES WILL BE DELETED FOR FAILURE TO PAY.
Date (PRICE WILL DOUBLE): –
Date (FILES WILL BE DELETED): –
Disable your Anti Virus now! If this program is deleted by your Anti Virus, you lose your files forever because it is impossible to decrypt your files!
PRICE: $150 in Bitcoins
[…]
Still confused? Click here to Learn More
Paid, and not seeing your files yet?
Verify that you paid the correct amount
Make sure your computer is connected to the internet
Reconnect all infected drives/usb/devices to your computer
If nothing worked, restart your computer, disable your anti-virus and re-download the salsa decryptor from one of these links: Download Server 1, Download Server 2, Download Server 3, Download Server 4, Download Server 5

They’re different variants of the same thing. The ransom note in about 60 languages. What’s more, the English version of the name opens automatically every 60 seconds. The message is pretty standard. In a nutshell, it provides clarity. It states there’s a ransomware on your PC, which locked your data. If you wish to unlock it, it provides a way for you to do that. All you have to do is pay a ransom equivalent to $150 in Bitcoins. If you delay more than five days, the amount doubles. Then, after another five days, your data gets deleted. And, it’s lost to you forever. The ransomware makes it seem so simple. ‘Pay us and get your files back.’ But it’s not as straightforward as it has you believe. There are countless ways the exchange can go wrong. Don’t pay the ransom Don’t make any attempts to contact the cyber kidnappers. There are consequences to that, and they are worse than losing your data. Compliance is the wrong way to go.

How did I get infected with?

Salsa222 uses the old but gold means of invasion to slither into your PC. More often than not, it turns to freeware. It’s one of the easiest entry point to your system. That’s because, users aren’t as careful as they should be during installs. Most users throw caution to the wind when installing freeware. They choose distraction, naivety, and haste over vigilance. And, they pay the price for that. Don’t make the mistake of carelessness. It’s usually a one-way street to infections. Don’t discard reading the terms and conditions. Don’t head straight for that YES at the bottom. Understand that attention goes a long way. It can save you a ton of problems. Choose due diligence over relying on luck. Next time, you’re installing freeware, be extra thorough. Other common methods of infiltration include spam email attachments. Or, corrupted links. Or, fake updates. Always apply extra caution. It can’t hurt. It can only help you.

Why is Salsa222 dangerous?

Say, you decide to follow the instructions, Salsa222 left you. Say, you choose to believe the extortionists’ to keep their promise. You pay the ransom. You transfer the money, and wait. What do you think happens after payment? One, the cyber kidnappers double-cross you, and send you nothing. Or, two, they send you a decryption key. But that has two potential outcomes, as well. The key can be wrong for your files. Even after applying it, your data can remain locked. And, even if it’s the right one, don’t jump for joy just yet. What do you imagine occurs after decryption? You have to realize that the key removes the encryption, not the threat itself. The Salsa222 ransomware continues to lurk somewhere on your computer. And, it can act up at any given moment, and put you back to square one. It’s clear how both scenarios end. With you losing both money and your data. But if compliance, is the way you want to go, you lose one more thing. Your privacy. When you transfer the ransom, you provide private details. You leave your personal and financial information. You leave it, where the cyber extortionists can find it. Once they get their hands on it, they can use it as they see fit. Then, what? Nothing good comes from cyber criminals having access to your private life. Don’t allow that to happen. It’s a tough choice, but it’s one you have to make. Forsake your files to protect your privacy.

Salsa222 Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover Salsa222 Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

• Open your task Manager by pressing CTRL+SHIFT+ESC keys simultaneously
• Locate the process of the ransomware. Have in mind that this is usually a random generated file.
• Before you kill the process, type the name on a text document for later reference.

• Locate any suspicious processes associated with Salsa222 encryption Virus.
• Right click on the process
• Open File Location
• End Process
• Delete the directories with the suspicious files.
• Have in mind that the process can be hiding and very difficult to detect

STEP 2: Reveal Hidden Files

• Open any folder
• Click on “Organize” button
  
• Choose “Folder and Search Options”
• Select the “View” tab
• Select “Show hidden files and folders” option
• Uncheck “Hide protected operating system files”
• Click “Apply” and “OK” button

STEP 3: Locate Salsa222 encryption Virus startup location

• Once the operating system loads press simultaneously the Windows Logo Button and the R key.

• A dialog box should open. Type “Regedit”
• WARNING! be very careful when editing the Microsoft Windows Registry as this may render the system broken.

Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

• and delete the display Name: [RANDOM]

• Then open your explorer and navigate to:

Navigate to your %appdata% folder and delete the executable.

You can alternatively use your msconfig windows program to double check the execution point of the virus. Please, have in mind that the names in your machine might be different as they might be generated randomly, that’s why you should run any professional scanner to identify malicious files.

STEP 4: How to recover encrypted files?

• Method 1: The first and best method is to restore your data from a recent backup, in case that you have one.

• Method 2: File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you may try to use file recovery software to recover some of your original files.
• Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.