Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Salsa Ransomware

While most of the ransomware infections target specific regions, Salsa Ransomware seems to be targeting as many countries as possible because this program is available in at least forty languages. The malicious infection works just like any other ransomware program: It encrypts user’s files and then expects them to pay the ransom fee. That is how people behind such infections make money. However, you should not give away your money because that would not solve anything. You need to remove Salsa Ransomware and then protect your system from similar intruders that might lock down your computer, demanding that you pay a lot of money.

When it comes to the distribution of this infection, it does not present us with anything new or unusual. Our research team says that this program spreads via spam email attachments and drive-by downloads. Spam email campaigns send out thousands of messages to the stolen email addresses, hoping that at least few of the users would open and download the attachment that comes with the message. Of course, nowadays, email service providers are sophisticated enough to filter most of the spam messages into the Junk Mail folder. However, not all are immune to the well-crafted messages.

Some of them may look like invoices from online stores, while others could look like notifications from a financial institution. But if the message comes from the store you have not seen before or from a bank you do not recognize, why should you open that email? Unfortunately, quite a few users do, and when they open the attached file, they launch the infection. Hence, when you get down to removing Salsa Ransomware from your computer, first you have to look for the attached files that you downloaded and opened the most recently. They will probably be in your Downloads folder or in any other directory where you save downloaded files.

Of course, the program will not encrypt all of your files because then your system would not function. Instead, Salsa Ransomware will target files in the %UserProfile% directory because that is where most of the users save their files. Also, once the encryption is complete, you will know exactly which files were affected because the ransomware will add a new extension to all of the encrypted files: .salsa222. Needless to say, it will not be possible to restore your files manually because ransomware programs encrypt those using really complicated algorithms. What’s more, Salsa Ransomware might delete your Shadow volume copies, thus making it impossible to restore your files without the decryption key.

Salsa Ransomware will change your wallpaper to make it look like the situation at hand is very serious (and of course it is). It will also display the ransom note that will say you have a limited-time offer to restore your files for $100USD. Here is an extract from the message:

Your computer has been locked and your files are encrypted.

A one-time payment is required to restore access.

PRICE WILL DOUBLE IF PAYMENT IS LATE. FILES WILL BE DELETED FOR FAILURE TO PAY.
<…>

Disable your Anti Virus now! If this program is deleted by your Anti Virus, you lose your files forever because it is impossible to decrypt your files!

Restarting your computer will not make this notification go away because this program has an auto-run at %ALLUSERSPROFILE%\DONOTDELETESALSA. The program also creates several folders in your system, although they usually carry just the ransom note files and the ransomware information file that opens a website with the ransom note.

It is possible to remove Salsa Ransomware from your computer manually, but if you are not sure of your software removal skills, you can always rely on a powerful antispyware tool. You should invest in a security application that will help you terminate Salsa Ransomware automatically. Please remember that with a powerful antispyware program you will also be able to protect your computer from other malicious infections.

As for your files, you may have to delete the encrypted data, and then look for healthy copies of your files saved in an external hard drive or anywhere else. Users often have copies of their files saved on cloud drives and their mobile devices, so the chances are you will be able to restore at least part of your files. You should try out every single option you can come up with.

How to Delete Salsa Ransomware

  1. Press Win+R and the Run prompt will open.
  2. Type %AllUsersProfile% into the Open box. Click OK.
  3. Remove the DONOTDELETESALSA folder from the directory.
  4. Press Win+R and enter regedit. Press OK.
  5. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  6. On the right pane, right-click the Salsa222 - data value.
  7. Choose to delete it and exit Registry Editor.
  8. Open your Downloads folder.
  9. Remove the most recently downloaded .exe files.
  10. Run a full system scan with a licensed security program.
Download Spyware Removal Tool to Remove* Salsa Ransomware
  • Quick & tested solution for Salsa Ransomware removal.
  • 100% Free Scan for Windows
disclaimer
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.