Tackling the Salsa222 virus

Deepak Chakravarthy
Published in hackgenius
2 min read · Feb 27, 2019

A brief narration of how I dealt with the deadly computer virus which affected my laptop and PC. 😨

Some of the symptoms that you will see when your computer is affected by the virus:

  • Files in your system will get encrypted (for example, “sample.jpg” is renamed to “sample.jpg.salsa222”).
  • Salsa changes the desktop wallpaper (a screenshot has been included below).
  • It creates a folder (“CLICK HERE TO UNLOCK YOUR FILES SALSA222”) containing a number of HTML files, and then places this folder in each directory containing encrypted files.
  • When the HTML files in the folder are viewed in the browser, they contain an identical ransom-demand message in different languages.
  • Automatically, every 60 seconds, the English variant of the ransom-demand message is displayed on the screen.
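
A read-only inventory built from the two file-system symptoms above, added here as an example and not part of the original post: it lists files carrying the “.salsa222” suffix and the directories holding the ransom-note folder, so you know what has to be restored from backup. The function names, the sample tree and the file name english.html are constructed for the demo.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".salsa222"  # from the symptom list: sample.jpg -> sample.jpg.salsa222
NOTE_FOLDER = "CLICK HERE TO UNLOCK YOUR FILES SALSA222"  # ransom-note folder name from the page


def scan(root):
    """Walk root and return (encrypted_files, note_folders, affected_dirs)."""
    encrypted, note_folders = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        # Case-insensitive match: Windows file systems do not distinguish case.
        for name in list(dirnames):
            if name.casefold() == NOTE_FOLDER.casefold():
                note_folders.append(Path(dirpath) / name)
                dirnames.remove(name)  # do not descend into the note folder itself
        for name in filenames:
            if name.casefold().endswith(ENCRYPTED_SUFFIX):
                encrypted.append(Path(dirpath) / name)
    affected = sorted({p.parent for p in encrypted} | {p.parent for p in note_folders})
    return sorted(encrypted), sorted(note_folders), affected


def original_name(path):
    """Name the file had before the suffix was appended (for matching against backups)."""
    return path.name[: -len(ENCRYPTED_SUFFIX)]


def build_sample_tree(root):
    """Constructed sample tree for the demo; not data from a real infection."""
    root = Path(root)
    (root / "Pictures" / NOTE_FOLDER).mkdir(parents=True)
    (root / "Pictures" / NOTE_FOLDER / "english.html").write_text("note")
    (root / "Pictures" / "sample.jpg.salsa222").write_bytes(b"\x00")
    (root / "Docs").mkdir()
    (root / "Docs" / "report.DOCX.SALSA222").write_bytes(b"\x00")
    (root / "Clean").mkdir()
    (root / "Clean" / "notes.txt").write_text("untouched")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        files, notes, dirs = scan(build_sample_tree(tmp))
        for f in files:
            print("encrypted:", f, "->", original_name(f))
        print(len(notes), "ransom-note folder(s);", len(dirs), "affected dir(s)")
```

To check a real drive, call `scan()` on its root path; the script only reads directory listings and changes nothing on disk.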

The Salsa ransom-demand message reads as follows:

READ CAREFULLY IF YOU WANT YOUR FILES BACK!
Your computer has been locked and your files are encrypted.
A one-time payment is required to restore access.
PRICE WILL DOUBLE IF PAYMENT IS LATE. FILES WILL BE DELETED FOR FAILURE TO PAY.
Date (PRICE WILL DOUBLE): -
Date (FILES WILL BE DELETED): -
Disable your Anti Virus now! If this program is deleted by your Anti Virus, you lose your files forever because it is impossible to decrypt your files!
PRICE: $150 in Bitcoins
We only accept bitcoins! Follow the steps below to decrypt your files:
1. Send exactly 0.124831 [BTC,BITCOINS] to this bitcoin address: 1CmrBiDU8Ta2TQ8j1VBtJ6UcvzvxixWeWD
2. After you send the payment, wait a few minutes…your files will be automatically decrypted and repaired. Your computer/files will be back to normal.
How to Use Bitcoin
Step 1 — Create Wallet
Register a new Bitcoin Wallet on your computer: Blockchain.info, CoinBase.com, StrongCoin.com
Or on your mobile phone by installing the Blockchain app.
Available on the App Store or Google Play
Step 2 — Purchase Bitcoin
Purchase Bitcoins online through a trusted reseller: LocalBitcoins.com (CASH, WESTERN UNION, PAYPAL)
CoinBase.com (BANK ACCOUNT, CREDIT CARD), CoinMama.com (CREDIT CARD, WESTERN UNION…), CoinCafe.com, BtcDirect.eu(EUROPE)
Or find a Bitcoin ATM machine in your area: CoinATMRadar.com (CASH)
Step 3 — Send Payment
Send exactly 0.124831 [BTC,BITCOINS] to this bitcoin address:
1CmrBiDU8Ta2TQ8j1VBtJ6UcvzvxixWeWD
Still confused? Click here to Learn More
Paid, and not seeing your files yet?
Verify that you paid the correct amount
Make sure your computer is connected to the internet
Reconnect all infected drives/usb/devices to your computer

Screenshot of Desktop (affected by Salsa222).

My most important advice to those who get affected by the same virus is the following: Don’t restart your system when it is affected by the virus.

Although Salsa behaves like a program, it cannot be uninstalled because it is not listed in the Control Panel’s Installed Programs.

The only solution to recover from this virus attack is to format your PC. I did exactly that and then reinstalled my operating system from scratch.
