SerbRansom Ransomware

SerbRansom Ransomware Description

The SerbRansom Ransomware is a ransomware Trojan that seems to be connected to the proponents of extremist nationalist ideas. The SerbRansom Ransomware is just one of various ransomware variants developed to carry out ransomware attacks on unsuspecting victims. Currently, the SerbRansom Ransomware does not seem to be part of a large-scale distribution campaign. Apart from the fact that there is no mass distribution being carried out in association with the SerbRansom Ransomware, the SerbRansom Ransomware threat itself is lower in quality than many other ransomware Trojans active currently.

The SerbRansom Ransomware Targets Serbian Computer Users Mainly

It seems that the SerbRansom Ransomware has not been responsible for actual attacks currently, although this could change eventually. The SerbRansom Ransomware displays a message designed to scare computer users into believing that the SerbRansom Ransomware will delete a file at random on the victim's computer every five minutes. However, the SerbRansom Ransomware is not capable of deleting files or carrying out this kind of attack.

The SerbRansom Ransomware is implemented with very basic code and encryption. The SerbRansom Ransomware was created using a ransomware builder, which allows the people responsible for the SerbRansom Ransomware attack to generate customized SerbRansom Ransomware versions to carry out other ransomware attacks.

How the SerbRansom Ransomware Builder Works

Using the SerbRansom Ransomware builder, con artists can create specific versions of the SerbRansom Ransomware attack. The following aspects of the SerbRansom Ransomware can be customized using the ransomware builder:

  • The targeted file extensions.
  • The type of encryption key used.
  • The BitCoin wallet address displayed in the SerbRansom Ransomware's ransom message.
  • The email account associated with the attack.
  • The extension that is appended to each affected file's name.
  • A maximum file size for the targeted files.
  • The use of obfuscation and means to hide communications.
  • Whether to use techniques to detect virtual environments.
  • Whether to target other Windows features such as the System Restore or the Shadow Volume Copies.

Using the SerbRansom Ransomware, con artists can create both the SerbRansom Ransomware executable itself and the decryptor that would be sent to the victim after the ransom is paid. Although PC security analysts consider the SerbRansom Ransomware a low-level threat, it is possible that the ransomware builder may be used to carry out additional attacks or monetized as a way to allow other people to create these attacks. As with other ransomware Trojans, PC security researchers advise computer users to take preventive measures against the SerbRansom Ransomware.

The SerbRansom Ransomware's Ultra-Nationalist Roots

During the attack, the SerbRansom Ransomware will display an audio from a YouTube video that includes a Serbian national song that has been linked to an ultra-nationalist movement that claims that 'Kosovo is Serbia.' The SerbRansom Ransomware has been linked to a hacker that goes by the name of R4z0rx0r who is clearly Serbian and has been linked to other attacks, generally targeting Croatian Web pages and other supposed 'enemies' of Serbia. The SerbRansom Ransomware asks for a variable ransom amount, depending on the victim. In the case of the SerbRansom Ransomware variant, in particular, the affected files will have the extension '.razarac' added to the end of the file name, which is the Serbian word for 'destroyer.' However, the SerbRansom Ransomware is created with a ransomware builder that allows con artists to customize their attack, including the file extension that is used to identify the affected files. Malware researchers, tracking the hacker responsible for the SerbRansom Ransomware through his forum posts, have noted that it is possible that a real life identity has been linked to this person, although additional information has not been released publicly until further proof of this hacker's identity is revealed.

Infected with SerbRansom Ransomware? Scan Your PC for Free

Download SpyHunter's Spyware Scanner
to Detect SerbRansom Ransomware
* SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?


Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Site Disclaimer

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as is:
What is 14 + 3 ?