SerbRansom 2017 Ransomware

SerbRansom 2017 Ransomware Overview
The SerbRansom 2017 ransomware is a new malware threat which was just reported by the security community.

The initial analysis shows that its created by an independent hacker and is not based off the code of the famous families. The person behind it is known as R4z0rx0r Serbian Hacker.

It exhibits typical behaviour patterns which we are accustomed to. The encryption engine uses the AES cipher to encrypt target user data. After this is done the virus crafts a ransomware note which extorts the victim computer user for a ransomware fee. All affected files are renamed using the .velikasrbija extension.

To further pressure the users into paying the quoted sum of 500 US Dollars in Bitcoins, the virus deletes a random file every 5 minutes.

SerbRansom 2017 Ransomware Note
YOUR FILES HAS BEEN ENCRYPTED WITH SERBRANSOM 2017 "How to recover?""Your personal info:""Username: %USERNAME%""PC-name: %PCNAME%""Local IP: %IP%""To decrypt all your data you need to pay 500$ with BitCoin here > WALLET_ID_BTC""Send an email to us with payment (screenshot) EMAIL""Every random file will be removed permanently after 05:00 minutes!""Antivirus will not help you to decrypt your data 🙁"

SerbRansom 2017 Ransomware Distribution
The SerbRansom 2017 Ransomware is distributed mainly by using the most popular infection strategies. They include spam email campaigns that link or bundle the dangerous payloads.

The ransomware is also being sold on underground black markets where viruses are often traded or auctioned. Attacks can be initiated using infected software installers, browser hijackers, malicious ads and more.

SerbRansom 2017 Ransomware Removal
In-depth removal instructions and detailed technical information about the virus can be found on Best Security Search.