Every once in a while, we encounter ransomware applications that are intended for a specific group of users. The most common way to customize these infections is to target a particular location. Serpico Ransomware is one such program, and it mainly infects users in the Balkan region. That is easy to see from the ransom note the program displays, because it is written entirely in Serbo-Croatian. Nevertheless, the basic principle behind this application is still the same: it enters your computer because it wants your money, and it will try to bully you into paying the ransom fee. You have to be stronger than that and remove Serpico Ransomware without further ado.
We have covered similar programs before, and we can easily tell that this new infection is just another version of the DetoxCrypto ransomware. Just like its predecessor, the program spreads through spam email messages. That means you should delete messages from unfamiliar senders without opening them. The attachments that come with them are the installer files for Serpico Ransomware and a number of other ransomware applications. In fact, prevention is far more effective than removal when it comes to such computer threats, so please employ safe web browsing habits if you want to avoid these infections.
Upon installation, Serpico Ransomware creates a new hidden folder titled “Serpico.” This folder holds several files that are used by the infection: a picture file that is used to display the ransom message on your screen, a file that stores the encryption key, and an audio file that supposedly plays the announcement about encryption. As you can see, this infection goes to great lengths to scare you into paying the ransom fee.
Of course, Serpico Ransomware has a main file that launches the infection, but that is not all. The ransomware also creates a copy of itself and places it on your desktop. The file is called MotoxUnlocker.exe and, aside from the name, it is identical to Serpico.exe, which is located in the previously mentioned hidden folder. Upon infection, your desktop background is changed, and the audio file is looped continuously. The message in the audio file is the same as in the ransom note, and it is impossible to close the audio file unless you open the Task Manager.
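The artifacts described above can be checked for during triage. The following is an added example, not code from the original article: it looks for a folder named Serpico, the desktop file MotoxUnlocker.exe, and compares hashes, since the two executables are said to differ only by name. The article does not say where the hidden folder is created, so the search roots and the desktop path are assumptions supplied by the caller.

```python
import hashlib
import os
import stat
from pathlib import Path

FOLDER_NAME = "Serpico"             # hidden folder name given in the article
MAIN_EXE = "Serpico.exe"            # main file inside that folder
DESKTOP_COPY = "MotoxUnlocker.exe"  # copy dropped on the desktop


def sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def is_hidden(path):
    # st_file_attributes exists only on Windows; elsewhere this reports False.
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)


def triage(search_roots, desktop):
    """Report the Serpico artifacts found under search_roots and desktop."""
    findings = {"folders": [], "desktop_copy": None, "identical_to": []}
    copy = Path(desktop) / DESKTOP_COPY
    copy_hash = sha256(copy) if copy.is_file() else None
    if copy_hash:
        findings["desktop_copy"] = str(copy)
    for root in search_roots:  # assumed locations, chosen by the caller
        for dirpath, dirnames, _ in os.walk(root):
            for d in dirnames:
                if d.lower() != FOLDER_NAME.lower():
                    continue
                folder = Path(dirpath) / d
                findings["folders"].append((str(folder), is_hidden(folder)))
                exe = folder / MAIN_EXE
                # Equal hashes tie the desktop file to the copy in this folder.
                if copy_hash and exe.is_file() and sha256(exe) == copy_hash:
                    findings["identical_to"].append(str(exe))
    return findings


if __name__ == "__main__":
    home = Path.home()
    print(triage([home], home / "Desktop"))
```

A folder name match alone is weak evidence; a match on the folder, the desktop file, and identical hashes together is what corresponds to the behaviour described here.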
The ransom note is not too inventive. It says that you need to pay 50 EUR to retrieve your files. Usually, ransomware programs set deadlines for payment, but there is no such information in Serpico Ransomware’s note. It only requires you to contact the people behind this infection via motox2016@mail2tor.com.
Unfortunately, no public decryption tool is available yet for this infection. You may need to restore your files from a backup. That is why security experts always emphasize how important it is to keep a file backup: you can never know when something might happen to your hard drive. However, be sure to remove Serpico Ransomware for good before you copy your files back. If the infection remains on your computer, it might encrypt the healthy files, too.