This topic can be used to discuss this ransomware and receive support on it.
Posted 09 February 2017 - 03:42 PM
Posted 22 February 2017 - 11:00 AM
My mother has this problem. She opened a spam mail, then it asked to restart the computer and now everything is encrypted with the extension .serpent.
Is there a tool to decrypt the files? Or will there be a tool created and do we need to wait for it?
How can we delete the virus?
Will deleting the virus cause damage to the files?
If you need more information, please ask it.
Posted 22 February 2017 - 05:20 PM
Sorry to hear about this infection your Mom is dealing with.
I am not aware of a decryption tool for this infection. If one were available, Grinler would have mentioned that in the write-up above. We have no way of knowing when or if a decryption tool ever will be created. When or if a solution is found, that information will be provided in this support topic and you will receive notification if subscribed to it. In addition, a news article most likely will be posted on the BleepingComputer front page.
In cases where there is no free decryption fix tool and victims are not willing to pay the ransom, the only other alternative is to backup/save your data as is and wait for a possible breakthrough...meaning, what seems like an impossibility at the moment (decryption of your data), there is always hope someday there may be a potential solution so save the encrypted data and wait until that time. Imaging the drive backs up everything related to the infection including encrypted files, ransom notes and registry entries containing possible information which may be needed if a solution is ever discovered. The encrypted files do not contain malicious code so they are safe. Even if a decryption tool is available, there is no guarantee it will work properly or that the malware developer will not release a new variant to defeat the efforts of security researchers so keeping a backup of the original encrypted files and related information is a good practice.
Most crypto malware ransomware is typically programmed to automatically remove itself...the malicious files responsible for the infection...after the encrypting is done since they are no longer needed. That explains why many security scanners do not find anything after the fact. The encrypted files do not contain malicious code so they are safe. Unfortunately, most victims do not realize they have been infected until the ransomware displays the ransom note and the files have already been encrypted. In some cases there may be no ransom note and discovery only occurs at a later time when attempting to open an encrypted file. As such, they don't know how long the malware was on the system before being alerted or if other malware was downloaded and installed along with the ransomware. If other malware was involved it could still be present so be sure to perform full scans with your anti-virus. Disinfection will not help with decryption of any files affected by the ransomware.
If your antivirus did not detect and remove anything, additional scans should be performed with other security programs like Malwarebytes 3.0, HitmanPro and Emsisoft Anti-Malware. You can also supplement your anti-virus or get a second opinion by performing an Online Virus Scan...ESET is one of the more effective online scanners.
Posted 23 February 2017 - 06:18 AM
Thank you for the information.
I read somewhere that if you have a copy of a file before the infection you can unravel the secret code to decrypt all your files. Is this true?
Posted 23 February 2017 - 07:49 AM
Posted 11 April 2017 - 10:31 AM
I am also infected by this virus.
Is it possible to decrypt for free?
Posted 11 April 2017 - 12:48 PM
Posted 12 April 2017 - 02:21 AM
Thanks, I have decided to pay 0.5 bitcoin ransom to get the decrypting password.
Got my files back now.
Posted 12 April 2017 - 05:24 AM