SilentSpring: Threat in Detail
SilentSpring Ransomware is yet another ransomware threat that infects a computer system without the user’s consent and encrypts important files on it. Like others of its kind, it aims to extort money from users by victimizing them and playing with their privacy. Encrypted files may get the .Sil3nt5pring extension, which means the files are no longer accessible to users, and the only way to unlock the files is to pay the ransom to the authors of SilentSpring. The ransomware leaves a ransom note that contains instructions on how to contact the authors and pay the said amount.
The ransomware uses the same intrusion method as other ransomware: spam emails carrying a macro-enabled document which, once run, drops the payloads of the threat and installs it without the user’s consent. The attached document may appear to come from a legitimate source or company, or to be an invoice. Other ways SilentSpring Ransomware can get in include downloading fake code patches, updating applications from unverified links and so on.
Once installed successfully, SilentSpring Ransomware uses AES-256 encryption to encode files such as documents, images, music, videos, databases, spreadsheets, eBooks, PDFs and presentations. The encrypted files are shown with a white icon and have the .Sil3nt5pring extension appended after the original file name.
File extensions targeted by SilentSpring Ransomware
→ “.PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML .DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX .INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD .SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG .CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG”
Once encryption is complete, it deletes the Shadow Volume Copies created by Windows so that users cannot recover their files by other means.
However, there is no guarantee that the authors will decrypt all the files after receiving the payment. Security researchers therefore advise not paying the ransom to the authors of SilentSpring and quickly removing the threat from the PC. You can also try recovering your data from backups, if you have any, or with the help of data recovery software.
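The renaming behaviour described above (the .Sil3nt5pring extension appended after the original file name) and the advice to recover from backups can be combined into one triage step: list every marked file and check whether a backup copy of the original exists. The Python script below is an added example, not part of the original write-up; the function names, the mirrored backup directory layout and the case-insensitive match are assumptions, and the sample tree is constructed.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".Sil3nt5pring"  # extension the page says is appended after the original name

def original_name(name):
    """Return the pre-encryption file name, or None if the marker is absent."""
    if name.lower().endswith(MARKER.lower()) and len(name) > len(MARKER):
        return name[: -len(MARKER)]
    return None

def plan_restore(affected_root, backup_root):
    """Map every marked file to its backup copy (None when no backup exists)."""
    affected_root, backup_root = Path(affected_root), Path(backup_root)
    plan = []
    for dirpath, _dirs, files in os.walk(affected_root):
        for name in files:
            orig = original_name(name)
            if orig is None:
                continue  # file does not carry the marker, leave it out
            rel = (Path(dirpath) / orig).relative_to(affected_root)
            candidate = backup_root / rel  # assumption: backup mirrors the live tree
            plan.append((Path(dirpath) / name, candidate if candidate.is_file() else None))
    return sorted(plan, key=lambda p: str(p[0]))

def summarize(plan):
    """Count affected files per original extension, split by backup availability."""
    covered, missing = Counter(), Counter()
    for enc, backup in plan:
        ext = Path(original_name(enc.name)).suffix.lower() or "(none)"
        (covered if backup else missing)[ext] += 1
    return covered, missing

def demo():
    """Build a constructed sample tree and return the restore plan summary."""
    with tempfile.TemporaryDirectory() as tmp:
        live, bak = Path(tmp, "live"), Path(tmp, "backup")
        for rel in ("docs/report.docx", "docs/budget.xlsx", "pics/cat.JPG"):
            (live / rel).parent.mkdir(parents=True, exist_ok=True)
            (live / (rel + MARKER)).write_bytes(b"constructed placeholder")
        (live / "docs/notes.txt").write_text("untouched")
        (bak / "docs").mkdir(parents=True)
        (bak / "docs/report.docx").write_text("backup copy")
        return summarize(plan_restore(live, bak))

if __name__ == "__main__":
    covered, missing = demo()
    print("restorable from backup:", dict(covered))
    print("no backup found:", dict(missing))
```

The script only reads directory listings and never modifies files, so it can be pointed at a mounted disk image or at the cleaned system after the threat has been removed.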