.Sil3nt5pring Files Ransomware – Remove Virus and Restore Files

.Sil3nt5pring Files Ransomware – Remove Virus and Restore Files

This article has been created in order to explain what is the SilentSpring ransomware infection and how to remove it completely from your computer and restore .Sil3nt5pring encrypted files.

A new ransomware infection, going by the name SilentSpring has been detected by security experts. The malware aims to infect the user PC unnoticed and then encrypt the files on the computers that have been infected by it. The malware then may drop it’s ransom note files on the computers victimized by it, shortly after which the virus may drop a ransom note whose primary purpose is to get victims to pay a hefty ransom fee in order to get their files to become openable again. If your computer has been infected by this version of the .Sil3nt5pring files virus, recommendations are to read the following article, explaining how to remove it from your computer and how to restore your files.

Threat Summary

Name.Sil3nt5pring Files Virus
TypeRansomware, Cryptovirus
Short DescriptionAims to encrypt the files on the computers that have been infected by it and then drop a ransom note file, whose primary purpose is to
SymptomsThe files on the compromised computer are encrypted with an added .Sil3nt5pring suffix.
Distribution MethodSpam Emails, Email Attachments, Executable files
Detection Tool See If Your System Has Been Affected by .Sil3nt5pring Files Virus


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss .Sil3nt5pring Files Virus.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

.Sil3nt5pring Files Virus – How Does It Infect

The .Sil3nt5pring files virus is the type of ransomware infection which may enter your computer via a variety of ways, including via e-mail spam messages which may contain either malicious e-mail attachments or malicious web links. The e-mails spreading viruses, like the .Sil3nt5pring ransomware may appear as if they come from legitimate sources, like big companies, for example:

In addition to via e-mails, the virus may infect it’s victims via other methods as well, such as being downloaded from third-party websites, that may advertise it as a legitimate type of file, from the likes of:

  • Drivers.
  • Setups of programs.
  • Game patches, cracks and license activators. Software key generators.

Usually most of the victims who have downloaded it, believing it is legitimate software may encounter this virus, and not even notice that it slipped past their defenses, so malware researchers and cyber-sec experts often recommend to use anti-malware programs that have on-demand scanner capabilities.

.Sil3nt5pring Files Virus – Analysis

The .Sil3nt5pring files virus is the type of infection which aims to extort you for your files. The virus begins the infection process by dropping it’s malicious payload on your computer. It may exist under different names and in different Windows directories, the most commonly used of which are the following:

After having it’s payload being activated on your computer, the .Sil3nt5pring files virus may begin to create mutexes, touch system files of Windows and create scheduled processes that run automatically in order to obtain administrative permissions. After having obtained the above-mentioned, the virus may begin to directly manipulate Windows by modifying Windows Registry Editor via adding registry entries with data in them, that leads to the location of the malicious files of this ransomware. The sub-keys that are targeted most often are the Run and RunOnce registry sub-keys, which are responsible for running files automatically when you log in your Windows user account. The sub-keys have the following locations:

→ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

After having done this, the .Sil3nt5pring files infection may also delete the Shadow Volume Copies in Windows by attacking the recovery service and the shadow volume service as an administrator in Windows Command prompt and entering the following commands without your consent or knowledge:

→ process call create “cmd.exe /c vssadmin.exe delete shadows /all /quiet & bcdedit.exe /set {default} recoveryenabled no & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures”

After doing so, the virus may automatically show it’s ransom note on the computers of victims.

.Sil3nt5pring Files Virus – Encryption Process

For the encryption process, SilentSpring ransomware may scan your computer for the types of file which are to be encrypted. These are file extensions, related to documents, audio files, videos and pictures. The file types, this ransomware may scan for and encrypt are likely the following:


After the files have been encrypted by this virus, they may start to appear like the following:

Remove SilentSpring Ransomware and Restore .Sil3nt5pring Encrypted Files

In order to remove this ransomware virus from your computer, recommendations are to follow the removal instructions underneath this article. They are divided in manual and automatic removal instructions to best suit your capabilities and if you lack the experience in removing malware, security experts recommend to download an advanced anti-malware software and scan your PC with it. Such program will make sure to automatically detect and remove all malicious files and objects, related to this ransomware infection on your computer and ensure that it is protected against infections in the future too.

If you want to restore files that have been encrypted by .Sil3nt5pring files virus, we advise you to try the alternative tools for file recovery underneath this article in step “2. Restore files, encrypted by .Sil3nt5pring Files Virus”. They may not be 100% effective, but may help you to recover as many encrypted files as possible.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share