SerbRansom Ransomware

By GoldSparrow in Ransomware

The SerbRansom Ransomware is a ransomware Trojan that seems to be connected to proponents of extremist nationalist ideas. It is one of many ransomware variants developed to carry out attacks on unsuspecting victims. Currently, the SerbRansom Ransomware does not seem to be part of a large-scale distribution campaign. Apart from the lack of mass distribution, the SerbRansom Ransomware threat itself is lower in quality than many other ransomware Trojans currently active.

The SerbRansom Ransomware Targets Serbian Computer Users Mainly

It seems that the SerbRansom Ransomware has not yet been responsible for actual attacks, although this could change eventually. The SerbRansom Ransomware displays a message designed to scare computer users into believing that it will delete a file at random on the victim's computer every five minutes. However, the SerbRansom Ransomware is not capable of deleting files or carrying out this kind of attack.

The SerbRansom Ransomware is implemented with very basic code and encryption. The SerbRansom Ransomware was created using a ransomware builder, which allows the people responsible for the SerbRansom Ransomware attack to generate customized SerbRansom Ransomware versions to carry out other ransomware attacks.

How the SerbRansom Ransomware Builder Works

Using the SerbRansom Ransomware builder, con artists can create specific versions of the SerbRansom Ransomware attack. The following aspects of the SerbRansom Ransomware can be customized using the ransomware builder:

  • The targeted file extensions.
  • The type of encryption key used.
  • The Bitcoin wallet address displayed in the SerbRansom Ransomware's ransom message.
  • The email account associated with the attack.
  • The extension that is appended to each affected file's name.
  • A maximum file size for the targeted files.
  • The use of obfuscation and means to hide communications.
  • Whether to use techniques to detect virtual environments.
  • Whether to target other Windows features such as System Restore or the Shadow Volume Copies.

Using the SerbRansom Ransomware builder, con artists can create both the SerbRansom Ransomware executable itself and the decryptor that would be sent to the victim after the ransom is paid. Although PC security analysts consider the SerbRansom Ransomware a low-level threat, it is possible that the ransomware builder may be used to carry out additional attacks or monetized as a way to allow other people to create these attacks. As with other ransomware Trojans, PC security researchers advise computer users to take preventive measures against the SerbRansom Ransomware.

The SerbRansom Ransomware’s Ultra-Nationalist Roots

During the attack, the SerbRansom Ransomware will play audio from a YouTube video that includes a Serbian national song that has been linked to an ultra-nationalist movement that claims that 'Kosovo is Serbia.' The SerbRansom Ransomware has been linked to a hacker who goes by the name of R4z0rx0r, who is clearly Serbian and has been linked to other attacks, generally targeting Croatian Web pages and other supposed 'enemies' of Serbia. The SerbRansom Ransomware asks for a variable ransom amount, depending on the victim. In this particular SerbRansom Ransomware variant, the affected files will have the extension '.razarac' added to the end of the file name, which is the Serbian word for 'destroyer.' However, the SerbRansom Ransomware is created with a ransomware builder that allows con artists to customize their attack, including the file extension that is used to identify the affected files. Malware researchers, tracking the hacker responsible for the SerbRansom Ransomware through his forum posts, have noted that it is possible that a real-life identity has been linked to this person, although additional information has not been released publicly pending further proof of this hacker's identity.
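
Because the builder lets each build append a different extension, a check keyed only to '.razarac' would miss customized variants. The following Python sketch is an added example, not code from this article or from the threat itself; its function names, extension sets, thresholds and file listing are constructed assumptions. It flags any unfamiliar suffix that appears after a normal document extension on several files of different types.

```python
from collections import Counter
from pathlib import PureWindowsPath

# Extensions a user's own files normally end in (assumed, illustrative set).
USER_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png", ".txt", ".zip"}
# Suffixes that legitimately follow a document extension (assumed allowlist).
BENIGN_APPENDED = {".bak", ".tmp", ".gz", ".part"}


def appended_suffix(path):
    """Return the trailing suffix if it sits after a normal user extension
    (e.g. 'report.docx.razarac' -> '.razarac'), otherwise None."""
    suffixes = [s.lower() for s in PureWindowsPath(path).suffixes]
    if len(suffixes) < 2:
        return None
    inner, outer = suffixes[-2], suffixes[-1]
    if inner in USER_EXTS and outer not in USER_EXTS | BENIGN_APPENDED:
        return outer
    return None


def suspicious_suffixes(paths, min_files=3, min_inner_types=2):
    """Map each appended suffix to its file count when it is seen on at least
    min_files files covering at least min_inner_types original extensions."""
    counts = Counter()
    inner_types = {}
    for p in paths:
        outer = appended_suffix(p)
        if outer is None:
            continue
        counts[outer] += 1
        inner = PureWindowsPath(p).suffixes[-2].lower()
        inner_types.setdefault(outer, set()).add(inner)
    return {s: n for s, n in counts.items()
            if n >= min_files and len(inner_types[s]) >= min_inner_types}


# Constructed sample file listing (not real telemetry).
SAMPLE = [
    r"C:\Users\ana\Documents\budget.xlsx.razarac",
    r"C:\Users\ana\Documents\thesis.docx.razarac",
    r"C:\Users\ana\Pictures\trip.jpg.razarac",
    r"C:\Users\ana\Documents\notes.txt",
    r"C:\Users\ana\Downloads\archive.zip.part",
    r"C:\Users\ana\Documents\old.docx.bak",
    r"C:\Users\ana\Documents\v1.2.pdf",
]

if __name__ == "__main__":
    print(suspicious_suffixes(SAMPLE))
```

Requiring several files and more than one original file type keeps a single oddly named file from raising an alert.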
