Serpent Ransomware is a newly discovered data-encrypting malware that mostly affects the European region. It spreads through a spam email campaign. The email looks like an invoice or bill and contains a link for downloading an MS Office document. Its payloads and files are installed in a newly created folder in the %AppData% directory. After settling in, it checks the IP address of the workstation to determine its geographical location. Once it confirms that the PC is in a particular region, the workstation is connected to the command and control server of Serpent Ransomware. The server generates an RSA key for encrypting the targeted 876 files. The files are encrypted with the RSA-2048 and AES-256 encryption algorithms, and their extension is replaced with .serpent. They cannot be accessed until you have the necessary key.
Once Serpent Ransomware is successfully installed, it drops two files in the folders containing encrypted files, named HOW_TO_DECRYPT_YOUR_FILES_[random_3_chars].html and HOW_TO_DECRYPT_YOUR_FILES_[random_3_chars].txt. These files contain the ransom note, in which the victim is asked to pay a ransom to get the decryption key for restoring the locked files. The note claims that the price in Bitcoin will increase as time passes. However, cyber-experts strongly discourage paying the ransom. Paying may not get your encrypted data back, because you may not receive the true decryption key even after the money is paid. It is important to remove all the files and payloads of Serpent Ransomware from the system so that it cannot attack any other files stored on the workstation. It is recommended to scan your PC with a powerful anti-malware tool.
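To find which folders were hit, the two indicators described above (the ransom note names and the .serpent extension) can be swept for directly. The following Python script is an added example, not part of the original article or of any vendor tool; the function names are hypothetical, and because the article does not say which characters the 3-character suffix uses, any three characters are accepted.

```python
import os
import re
import sys
from collections import defaultdict

# Indicators as described on this page. The page does not say which characters
# the 3-character suffix uses, so any three characters are accepted (assumption).
NOTE_RE = re.compile(r"^HOW_TO_DECRYPT_YOUR_FILES_.{3}\.(html|txt)$", re.IGNORECASE)
ENCRYPTED_EXT = ".serpent"


def classify(filename):
    """Return 'note', 'encrypted' or None for a bare file name."""
    if NOTE_RE.match(filename):
        return "note"
    if filename.lower().endswith(ENCRYPTED_EXT):
        return "encrypted"
    return None


def scan_tree(root):
    """Walk root and count indicator hits per directory.

    Returns {directory: {"note": n, "encrypted": m, "confidence": str}}.
    A ransom note next to .serpent files is 'high'; one indicator alone is
    'review', since either name could occur for unrelated reasons.
    """
    hits = defaultdict(lambda: {"note": 0, "encrypted": 0})
    # Unreadable directories are skipped by os.walk's default error handling.
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            kind = classify(name)
            if kind:
                hits[dirpath][kind] += 1
    report = {}
    for dirpath, counts in sorted(hits.items()):
        both = counts["note"] and counts["encrypted"]
        report[dirpath] = dict(counts, confidence="high" if both else "review")
    return report


if __name__ == "__main__":
    for path, info in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f'{info["confidence"]:6} notes={info["note"]} '
              f'encrypted={info["encrypted"]} {path}')
```

Run it with the folder to check as the only argument; it only reads directory listings and does not open, modify or delete any file.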
How does Serpent Ransomware get distributed?
Taking some precautionary measures is the best way to stay safe from infections such as Serpent Ransomware. First of all, you should be very careful with attachments from spam email campaigns. In this case, the victim receives an email that contains a reminder of an outstanding invoice. It contains an MS Word document that the victim is asked to download. The malware becomes active as soon as the victim clicks the “Enable Content” button in the infected document. So, you should be careful with the emails you receive. Pay attention to the sender's name and address, and to grammatical mistakes in the message. Don’t open email attachments coming from unknown senders.