Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Serpico Ransomware

Serpico Ransomware is a malicious computer infection that targets users residing in a specific location. The notification displayed by this program is in Serbo-Croatian, so it is possible to assume that this application mostly infects users in the Balkan area. However, if you happen to frequent the same websites or use the same services as users in Croatia or Serbia, it is very likely that you can get infected with Serpico Ransomware, too. Thus, please scroll down to the bottom of this description for the manual removal instructions, and destroy this infection immediately. Waiting and stalling will not solve this problem.

Our researchers have found that this program is a new version of the DetoxCrypto ransomware. It is the RaaS (Ransomware-as-a-Service) type of infection, which means that it can be sold for use on the dark net, and the criminals who infect you may share their profits with the original malware creators. Since this program can be used by anyone who has enough cash to buy it, it becomes harder to pinpoint its origins and who exactly is responsible for spawning this threat. What’s more, the cyber criminals who buy this infection can modify it the way they want, so there might be multiple versions of the same ransomware out there.

This program gets distributed like most of the ransomware apps out there, and it does not present us with anything new or unexpected. Serpico Ransomware travels around via spam email messages, and the installer file is usually disguised as a regular document file. For instance, in our case, the installer file for Serpico Ransomware was called Document.pdf.exe. Of course, if you are an experienced computer user, you will notice that something is off, since this file has two extensions. However, if this attachment comes with a “message” from a financial institution, some of the users would be more than willing to open this “PDF document” that supposedly carries an invoice or anything like that.
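The double-extension disguise described above can be checked for mechanically. The following PowerShell sketch is an added example, not code from the original article; the function name and both extension lists are assumptions, and every sample name except Document.pdf.exe is constructed.

```powershell
# Added example (not from the original article): flag "document.ext.exe" style names.
# The two extension lists are assumptions chosen for illustration.
$ExecutableExt = '.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.js', '.vbs'
$DecoyExt      = '.pdf', '.doc', '.docx', '.xls', '.xlsx', '.rtf', '.txt', '.jpg', '.png'

function Test-DisguisedExecutable {
    param([Parameter(Mandatory)][string]$FileName)

    # Windows ignores trailing dots and spaces, so strip them before parsing.
    $name = $FileName.TrimEnd([char[]]' .')
    $last = [IO.Path]::GetExtension($name).ToLowerInvariant()
    $stem = [IO.Path]::GetFileNameWithoutExtension($name)

    # Padding between the two extensions ("a.pdf     .exe") pushes the real one
    # out of view in narrow columns, so trim the stem before reading the inner one.
    $inner = [IO.Path]::GetExtension($stem.TrimEnd()).ToLowerInvariant()

    # Disguised = the real (last) extension runs code, the inner one looks like a document.
    ($ExecutableExt -contains $last) -and ($DecoyExt -contains $inner)
}

# Constructed sample names; only Document.pdf.exe appears in the article.
$samples = 'Document.pdf.exe', 'Invoice.PDF   .scr', 'report.final.pdf', 'setup.exe', 'notes.txt'
$samples | ForEach-Object {
    [pscustomobject]@{ Name = $_; Disguised = Test-DisguisedExecutable -FileName $_ }
}

# Same check over a real folder (assumes the default Downloads location):
# Get-ChildItem "$env:USERPROFILE\Downloads" -File -Force |
#     Where-Object { Test-DisguisedExecutable -FileName $_.Name }
```

Explorer hides known extensions by default, which is why Document.pdf.exe shows up as Document.pdf; turning off "Hide extensions for known file types" makes the same check possible by eye.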

Needless to say, the moment you open the file, you launch the infection. The executable file drops the main Serpico Ransomware file in a new hidden folder titled Serpico. The folder is created in the %USERPROFILE% directory. Unless you have the Show hidden files and folders option ticked in your folder options, you will not be able to see it. The folder has five files: bg.jpg, key.pkm, Serpico.exe, sound.wav, and total.pkm. Each file carries the specific information necessary for the ransomware to function properly. For example, bg.jpg is the picture used to change your desktop wallpaper, key.pkm stores the public encryption key, and total.pkm presumably stores the encrypted file count.

What’s more, since there is the sound.wav file, it is easy to assume this ransomware infection “talks.” It only adds to the overall panic when the user notices encrypted files because it is definitely not funny when the malicious program suddenly starts “talking” to you. The audio in the file is 43 seconds long, and it is continuously looped when the ransomware is launched. The message in Serbo-Croatian keeps telling you that your system has been compromised.

Then it goes on to say that you have to pay around 50EUR to restore your files, but before that, you should contact the criminals via motox2016@mail2tor.com. Of course, you should not be so hasty as to pay the ransom fee because paying does not guarantee getting the decryption key. It is possible to restore your files if you have a backup, and you can transfer the backup copies of your documents to your computer once you remove Serpico Ransomware for good. To remove this program, you can either follow the instructions below or acquire a powerful antispyware tool that will do this for you.

Whichever way you choose, the bottom line is that you must get rid of this infection as soon as possible. If you encounter any problem while trying to terminate the program, please do not hesitate to contact us by leaving a comment. We will be glad to assist you, and your feedback will help us improve our service. Also, please consider investing in a licensed antispyware tool to ensure your computer’s security in the future. You may encounter similar issues soon enough, so you have to be ready.

How to Remove Serpico Ransomware

  1. Right-click your taskbar and click Task Manager on the menu.
  2. Open the Processes tab and highlight MotoxUnlocker.exe and Serpico.exe.
  3. Click End Process to kill both processes.
  4. Open your Downloads folder and delete the file you ran right before the infection.
  5. Press Win+R and type %USERPROFILE%. Click OK.
  6. Go to Desktop and delete MotoxUnlock.exe.
  7. Go back to the %USERPROFILE% directory and delete the Serpico folder.
  8. Scan your computer with the SpyHunter free scanner.
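
Steps 2, 3, 6 and 7 can also be carried out from a PowerShell prompt. The script below is an added example and not part of the original instructions; the process, file and folder names are the ones given in this article, while the function name, its parameters and the assumption that the Desktop folder sits directly under the profile are hypothetical. Steps 4 and 8 still have to be done by hand.

```powershell
# Added example (not from the original article). File, folder and process names are
# the ones the article lists; the function and parameter names are hypothetical.
function Find-SerpicoArtifact {
    [CmdletBinding()]
    param(
        [string]$ProfilePath = $env:USERPROFILE,
        [switch]$Remove   # without this switch the function only reports
    )
    $found = @()

    # Steps 2-3: Get-Process wants names without ".exe". The article spells the
    # unlocker both MotoxUnlocker.exe and MotoxUnlock.exe, so look for both.
    $procs = Get-Process -Name 'Serpico', 'MotoxUnlocker', 'MotoxUnlock' -ErrorAction SilentlyContinue
    foreach ($p in $procs) {
        $found += [pscustomobject]@{ Kind = 'Process'; Item = "$($p.Name) (PID $($p.Id))" }
        if ($Remove) { Stop-Process -Id $p.Id -Force }
    }

    # Step 6: unlocker on the Desktop (assumes the Desktop folder is not redirected).
    foreach ($n in 'MotoxUnlock.exe', 'MotoxUnlocker.exe') {
        $file = Join-Path (Join-Path $ProfilePath 'Desktop') $n
        if (Test-Path -LiteralPath $file -PathType Leaf) {
            $found += [pscustomobject]@{ Kind = 'File'; Item = $file }
            if ($Remove) { Remove-Item -LiteralPath $file -Force }
        }
    }

    # Step 7: the Serpico folder is hidden, so list it with -Force and compare its
    # contents with the five files named in the article before deleting anything.
    $folder   = Join-Path $ProfilePath 'Serpico'
    $expected = 'bg.jpg', 'key.pkm', 'Serpico.exe', 'sound.wav', 'total.pkm'
    if (Test-Path -LiteralPath $folder -PathType Container) {
        $names = @(Get-ChildItem -LiteralPath $folder -Force | ForEach-Object Name)
        $hits  = @($expected | Where-Object { $names -contains $_ })
        $found += [pscustomobject]@{ Kind = 'Folder'; Item = "$folder ($($hits.Count)/5 expected files)" }
        if ($Remove -and $hits.Count -gt 0) { Remove-Item -LiteralPath $folder -Recurse -Force }
    }
    $found
}

Find-SerpicoArtifact            # report only
# Find-SerpicoArtifact -Remove  # report, then carry out steps 3, 6 and 7
```

Run it once without -Remove and review the report first; a folder named Serpico that contains none of the five listed files is left alone even with -Remove.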