
Serpico Ransomware

Posted: August 29, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 35
First Seen: August 29, 2016
Last Seen: January 10, 2019
OS(es) Affected: Windows


The Serpico Ransomware is a file-encrypting Trojan built on the same code as the DetoxCrypto Ransomware. Although the Serpico Ransomware doesn't rename the files it attacks, the encrypted data remains unusable unless it is decrypted. Its attacks include ransom messages demanding payment to con artists for a decryptor, but malware experts recommend standard data recovery techniques, combined with anti-malware products that can remove the Serpico Ransomware.

Your Second Trip to Digital Detox Thanks to a Trojan Serpent

Many threatening software campaigns target relatively predictable regions, such as banking Trojans distributing themselves to areas with substantial financial activity (such as Brazil during the Olympics). Others, like the Serpico Ransomware, target other nations seemingly at random, although their threat actors often have personal motivations for their choice of victims. The Serpico Ransomware campaign uses the language local to Bosnia, Croatia and Serbia, which makes it one of the most linguistically narrowly-targeted threats of the year.

The Serpico Ransomware's unusual regional preferences don't correspond to creative choices in code; most of its code derives from the earlier DetoxCrypto Ransomware, which was most notable for including limited spyware features and a Pokemon-themed extortion image. The Serpico Ransomware's attacks include:

  • The Serpico Ransomware encrypts slightly over fifty data formats, including JPG, ZIP, XML, CAB and DOCX. Unlike almost every other file-encrypting Trojan, the Serpico Ransomware does not modify the names of the files it encrypts, which forces PC users to open files one by one to estimate the damage.
  • The Serpico Ransomware locks the desktop's wallpaper to a ransom-themed image.
  • Another, strictly aesthetic inclusion is the automated launch of an audio file. PC users may be unable to turn the sound off due to other measures (seen below).
  • The last, significant symptom of the Serpico Ransomware infection is its advanced HTML pop-up, which provides interactive ransom-paying controls and an explanatory note in Croatian Latin. This pop-up doubles as a lock-screen attack that stops the victim from accessing the desktop or other software.

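Because the Serpico Ransomware leaves file names unchanged, a victim has no cheap way to tell damaged files from intact ones. The following triage helper is an added example written for this write-up (it is not code from the original article or from any analysis of the Trojan itself): it reads the leading bytes of each file, checks whether they still carry the signature its extension implies (JPG, ZIP, DOCX, CAB, XML, the formats the article names), and uses byte entropy to separate "looks like ciphertext" from "merely misnamed or corrupt". The sample files at the bottom are constructed here for demonstration; the classification thresholds and status labels are this example's own choices.

```python
"""Triage helper for an encryptor that does not rename the files it damages.

Added example, not part of the original article. Signatures are the
well-known magic numbers for each format; HEAD_BYTES, ENTROPY_HIGH and the
status labels are this example's assumptions, not values from the write-up.
"""
import math
import os
from collections import Counter

# Leading-byte signatures implied by each extension (well-known magic numbers).
MAGIC = {
    ".jpg":  [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".zip":  [b"PK\x03\x04", b"PK\x05\x06"],                      # PK\x05\x06 = empty archive
    ".docx": [b"PK\x03\x04"],                                     # OOXML is a ZIP container
    ".cab":  [b"MSCF"],
    ".xml":  [b"<", b"\xef\xbb\xbf<", b"\xff\xfe", b"\xfe\xff"],  # bare, UTF-8 BOM, UTF-16 BOMs
}

HEAD_BYTES = 4096     # how much of each file is inspected
ENTROPY_HIGH = 7.0    # bits per byte; ciphertext and compressed data sit near 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the given bytes, in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify(name: str, head: bytes) -> str:
    """Classify one file from its name and its leading bytes.

    'ok'         : signature matches the extension
    'encrypted?' : signature missing and the bytes look like ciphertext
    'mismatch'   : signature missing but low entropy (misnamed or corrupt, not encrypted)
    'unknown'    : extension has no signature entry, so nothing can be said
    """
    ext = os.path.splitext(name)[1].lower()
    sigs = MAGIC.get(ext)
    if sigs is None:
        return "unknown"
    if any(head.startswith(s) for s in sigs):
        return "ok"
    return "encrypted?" if shannon_entropy(head) >= ENTROPY_HIGH else "mismatch"


def triage(files: dict) -> dict:
    """Map each file name to its classification; `files` is {name: bytes}."""
    return {name: classify(name, data[:HEAD_BYTES]) for name, data in files.items()}


def triage_directory(root: str) -> dict:
    """Same as triage(), but walking a real directory tree (reads HEAD_BYTES per file)."""
    results = {}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as fh:
                    results[path] = classify(fn, fh.read(HEAD_BYTES))
            except OSError:
                results[path] = "unreadable"
    return results


# Constructed sample files for demonstration (not real victim data).
SAMPLE_FILES = {
    "photo.jpg":   b"\xff\xd8\xff\xe0" + b"\x00" * 100,            # intact JPEG header
    "report.docx": b"PK\x03\x04" + b"\x00" * 100,                  # intact OOXML container
    "config.xml":  b"\xef\xbb\xbf<?xml version=\"1.0\"?><a/>",     # UTF-8 BOM followed by XML
    "setup.cab":   bytes(range(256)) * 16,                         # uniform bytes: entropy 8.0
    "archive.zip": b"not an archive",                              # wrong header, low entropy
    "notes.txt":   b"hello",                                       # no signature rule
}

if __name__ == "__main__":
    for name, status in triage(SAMPLE_FILES).items():
        print(f"{status:11} {name}")
```

Run `triage_directory(r"C:\Users\victim\Documents")` (path is a placeholder) to get a per-file verdict over a real tree. Files tagged `encrypted?` are the ones to prioritise for restoration from backup; `mismatch` entries deserve a second look because corruption from an interrupted encryption run can also produce them, and `unknown` only means the extension has no rule in `MAGIC`, so extend the table for the formats that matter in your environment.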
Cutting the Head Off of a Cyber Serpent with Many Necks

The Serpico Ransomware's ransom note claims that it is a version of the well-known CryptoLocker Trojan. This claim is common to similar file-encryption campaigns but rarely corresponds to reality. Malware experts see no connection between the two threats, and the Serpico Ransomware's most likely, nearest ancestor is the DetoxCrypto Ransomware.

Free decryption for file-encrypting Trojans, even those from notable families, often is unavailable. Malware analysts often document con artists rejecting requests for assistance, even when the victim pays in full. Since many anti-malware solutions show high detection rates for the Serpico Ransomware (albeit as a variant of Perseus), maintaining good security standards can simplify the process of avoiding all file damage from this threat.

PC owners in the noted regions are most likely to need anti-malware solutions able to remove the Serpico Ransomware infections. However, malware experts see very similar attacks ranging across the rest of the world, raising the point that living in a particular area doesn't make you (or your files) safe.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

File: %USERPROFILE%\Serpico\Serpico.exe
  File name: Serpico.exe
  Size: 849.92 KB (849920 bytes)
  MD5: 20791a1eb2b03a211f48e33ef39f97c6
  Detection count: 16
  File type: Executable File
  Mime Type: unknown/exe
  Path: %USERPROFILE%\Serpico
  Group: Malware file
  Last Updated: August 29, 2016

File: file.exe
  File name: file.exe
  Size: 3.92 MB (3921408 bytes)
  MD5: 829f047ee3ff90e81ad056eb5ba4303c
  Detection count: 15
  File type: Executable File
  Mime Type: unknown/exe
  Group: Malware file
  Last Updated: August 29, 2016

Additional Information

The following directories were created:
%UserProfile%\Serpico
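The indicators above (two MD5 sums, the file sizes and the %USERPROFILE%\Serpico staging directory) are enough for a simple host check. The script below is an added example written for this page, not a tool from the original article: it hashes files in chunks, looks the digest up in the indicator table, and reports whether the staging directory exists. The indicator values are copied from the listing above; the function names and the directory handling are this example's own.

```python
"""Host check for the Serpico Ransomware indicators listed above.

Added example, not part of the original article. SERPICO_IOCS holds the MD5
sums, file names and sizes from the file listing; everything else is this
example's own scaffolding.
"""
import hashlib
import os

# MD5 -> (file name, size in bytes), taken from the listing on this page.
SERPICO_IOCS = {
    "20791a1eb2b03a211f48e33ef39f97c6": ("Serpico.exe", 849920),
    "829f047ee3ff90e81ad056eb5ba4303c": ("file.exe", 3921408),
}

# The directory the Trojan creates under the user profile, per the listing above.
STAGING_SUBDIR = "Serpico"


def md5_hex(data: bytes) -> str:
    """MD5 of an in-memory buffer, as lowercase hex."""
    return hashlib.md5(data).hexdigest()


def md5_file(path: str, chunk: int = 1 << 20) -> str:
    """MD5 of a file on disk, read in 1 MiB chunks so large files don't fill memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def check_hash(digest: str, iocs: dict = SERPICO_IOCS):
    """Return the indicator label for a digest, or None when it is not a known hash."""
    hit = iocs.get(digest.lower())
    return hit[0] if hit else None


def scan_tree(root: str, iocs: dict = SERPICO_IOCS) -> list:
    """Walk `root` and return (path, label) for every file whose MD5 is in `iocs`.

    Files are only hashed if their size matches a known indicator, which keeps
    the scan cheap; a size-mismatched copy of the sample would not be reported.
    """
    wanted_sizes = {size for _, size in iocs.values()}
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            try:
                if os.path.getsize(path) not in wanted_sizes:
                    continue
                label = check_hash(md5_file(path), iocs)
            except OSError:
                continue
            if label:
                hits.append((path, label))
    return hits


def staging_dir_present(user_profile: str = None) -> bool:
    """True if <user profile>\\Serpico exists; user_profile defaults to %USERPROFILE%."""
    if user_profile is None:
        user_profile = os.environ.get("USERPROFILE", "")
    return bool(user_profile) and os.path.isdir(os.path.join(user_profile, STAGING_SUBDIR))


if __name__ == "__main__":
    profile = os.environ.get("USERPROFILE", os.path.expanduser("~"))
    print("staging directory present:", staging_dir_present(profile))
    for path, label in scan_tree(profile):
        print(f"MATCH {label}: {path}")
```

Two caveats worth keeping in mind when using hash indicators like these: an MD5 match is a strong positive but a trivially evadable one, since a single-byte change to the sample yields a different digest, so absence of a hit says nothing; and the staging-directory check only covers the one path the listing records, while a later build could use another location. Pair this with the behavioural signs the article describes (wallpaper change, looping audio, the HTML lock screen) rather than relying on the hashes alone.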