What is SilentSpring ransomware? And how does it carry out its attack?
SilentSpring ransomware is another crypto-virus first spotted in the first week of March 2018. SilentSpring, just like most ransomware threats, aims to encrypt files of users to extort money from them. As soon as it invades a targeted system using spam emails, it will start to execute its attack by dropping additional malicious files in the affected system and connect to its Command and Control server to send information about the infected system. It also makes modifications in the Windows Registry to achieve persistence. It then scans the computer for specific file types to encrypt such as:
.AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML .DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX.PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML .DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX ..INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG .CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG
Once it finds the files with the aforementioned extensions, SilentSpring ransomware encrypts them using a strong and sophisticated encryption algorithm. Then it appends the extension “.Sil3nt5pring” on every encrypted file. Right after that, it opens its ransom note which contains a short message written in Russian:
Страница, которую вы искали в этом блоге, не существует.
Перейдите на “Введение” или используйте вкладку “Список”.
Do not understand Russian? Well then, click to this picture. �”
If the language it uses in its ransom note didn’t give it away, it’s pretty much obvious that SilentSpring ransomware mainly targets Russian users. Even so, even if you’re not from Russia, there are still chances that you could get infected with this crypto-malware.
How does SilentSpring ransomware disseminate its malicious payload?
Cyber criminals, developers of SilentSpring ransomware included, uses social engineering techniques in disseminating malicious payloads of harmful threat like ransomware – one of the most common one is spam emails. Crooks usually make use of spam bots to automatically produce catchy email messages which contains an infected attachment like a .doc, .docx, .png, .exe and other kinds of files and convince users to download them. Once the file is downloaded and opened, ransomware threats lie SilentSpring will immediately get installed in the system.
Refer to the set of instructions provided below to eliminate of SilentSpring ransomware from your PC.
Step 1: Tap Ctrl + Shift + Esc keys to launch the Task Manager.
Step 2: Go to Processes and look for SilentSpring ransomware’s malicious process, right click on it and select End Process or End Task.
Step 3: Close the Task Manager and open Control Panel by pressing the Windows key + R, then type in appwiz.cpl and then click OK or press Enter.
Step 4: Look for dubious programs that might by related to SilentSpring ransomware and then Uninstall it/them.
Step 5: Tap Win + E to launch File Explorer.
Step 6: After opening File Explorer, navigate to the following locations below and look for SilentSpring ransomware’s malicious components and remove them all.
Step 7: Close the File Explorer.
Before you proceed to the next steps below, make sure that you are tech savvy enough to the point where you know exactly how to use and navigate your computer’s Registry. Keep in mind that any changes you make will highly impact your computer. To save you the trouble and time, you can just use PC Cleaner Pro, this system tool is proven to be safe and excellent enough that hackers won’t be able to hack into it. But if you can manage Windows Registry well, then by all means go on to the next steps.
Step 8: Tap Win + R to open Run and then type in regedit in the field and tap enter to pull up Windows Registry.
Step 9: Navigate to the listed paths below and look for the registry keys and sub-keys created by SilentSpring ransomware.
- HKEY_CURRENT_USER\Control Panel\Desktop\
- HKEY_USERS\.DEFAULT\Control Panel\Desktop\
Step 10: Delete the registry keys and sub-keys created by SilentSpring ransomware.
Step 11: Close the Registry Editor.
Step 12: Empty the Recycle Bin.
You have to ensure that SilentSpring ransomware is completely removed and that nothing is left behind, use the following antivirus program. Refer to the instructions below to use it.
Perform a full system scan using SpyRemover Pro. To do so, follow these steps:
- Turn on your computer. If it’s already on, you have to reboot
- After that, the BIOS screen will be displayed, but if Windows pops up instead, reboot your computer and try again. Once you’re on the BIOS screen, repeat pressing F8, by doing so the Advanced Option shows up.
- To navigate the Advanced Option use the arrow keys and select Safe Mode with Networking then hit
- Windows will now load the Safe Mode with Networking.
- Press and hold both R key and Windows key.
- If done correctly, the Windows Run Box will show up.
- Type in explorer http://www.fixmypcfree.com/install/spyremoverpro
A single space must be in between explorer and http. Click OK.
- A dialog box will be displayed by Internet Explorer. Click Run to begin downloading the program. Installation will start automatically once download is done.
- Click OK to launch it.
- Run SpyRemover Pro and perform a full system scan.
- After all the infections are identified, click REMOVE ALL.
- Register the program to protect your computer from future threats.