Severity scale  
  (98/100)

Serpent ransomware virus. How to Remove? (Uninstall Guide)

removal by - -   | Type: Ransomware
12

What is known about Serpent ransomware virus?

Serpent virus is a new family member of the Hades Locker and Wildfire ransomware family, which was spotted attacking Danish computer users. This file-encrypting virus uses a traditional infiltration method - malicious spam emails[1]. The infected email pretends to be an invoice and includes a download link to the MS Office document. If people agree to enable Macros[2] in this document, Serpent ransomware gets inside the system and locates itself in the newly created folder under %AppData% directory. Then, the malware checks whether the victim is from the targeted country or not. If victim’s IP address reveals that he or she is from Armenia, Azerbaijan, Belarus, Georgia, Kyrgyzstan, Kazakhstan, Moldova, Russia, Turkmenistan, or Tajikistan, malware simply exists and does not encrypt your files. Sadly, computer users from other countries will have to deal with unpleasant features of the ransomware. After checking the IP address, Serpent malware connects to its Command & Control server[3] and sends details about the victim: the IP address and country, unique hardware ID and campaign ID. Then, the Server generates RSA key to encrypt targeted 876 files. During data encryption, all files are secured by both RSA-2048 and AES-256 algorithms and gets a .serpent file extension. Data recovery without necessary decryption key is nearly impossible if a victim does not have data backups. Not only ransomware deletes Shadow Volume Copies[4] but also overwrite deleted data by using Cipher.exe command.

Following successful data encryption, Serpent virus drops two files on the desktop - HOW_TO_DECRYPT_YOUR_FILES_[random_3_chars].html and HOW_TO_DECRYPT_YOUR_FILES_[random_3_chars].txt. These files are ransom notes where victims are informed that they need a specific Serpent Decrypter to restore their files. Hackers offer them a chance to use it in exchange of 0.75 Bitcoins. However, if victims won’t transfer the money in 7 days, the price will rise to 2.25 Bitcoins. In the payment website, developers provide detailed instructions how the transaction has to be made. However, we want to discourage you from having business with cyber criminals. Nevertheless, you do not have data backups, remove Serpent from the PC. Paying the ransom may not bring back your files; hence you may lose lots of money[5]. You can always try additional data recovery methods and wait while malware researchers create a free decryption software. Take our advice and scan the computer with Reimage and start Serpent removal immediately.

How do developers distribute this ransomware virus?

Serpent ransomware spreads via malicious spam emails and their attachments. Danish computer users received an email which has a subject line "Sidste påmindelse for udestående faktura 1603750", which informs about last remind for the outstanding invoice. As we already mentioned, the message includes a download link from where victims are asked to download the Word document. Malware is executed as soon as victim activate Macros by clicking "Enable content" button in the infected document. In order to avoid Serpent hijack or other ransomware viruses, you should be careful with received emails. Do not open provided links or download attached documents. As you can see, even safe looking files might include a dangerous virus.

Guidelines for Serpent removal

After ransomware attack, lots of computer users think about data recovery. However, it's just a second step. While malware is inside your device, all attempts to restore your files are the waist of time. For Serpent removal, you need to use strong antivirus program such as Reimage, PlumbytesWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware. Install one of these tools, update it and run a full system scan. If malware blocks access to the program or prevent from installing it, scroll down to the instructions below. There you will find two methods that will help to access security tools and remove Serpent automatically. Sadly, virus elimination won't recover your files. However, our team has prepared few suggestions that may help to restore at least some of your files.

It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use. By downloading any of provided Anti-spyware software you agree with our Privacy Policy and Agreement of Use.
Do it now!
Download
Reimage - remover Happiness
Guarantee
Compatible with Microsoft Windows
What to do if failed?
If you failed to remove infection using Reimage Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Serpent ransomware virus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Reimage is recommended to uninstall Serpent ransomware virus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Not using OS X? Download a remover for Windows.
Press Mentions on Reimage
Alternate Software
Alternate Software
Plumbytes
We are testing Plumbytes's efficiency (2017-02-10 01:40)
Malwarebytes Anti Malware
We are testing Malwarebytes Anti Malware's efficiency (2017-02-10 01:40)
Hitman Pro
Webroot SecureAnywhere AntiVirus

References

Method 1. Remove Serpent using Safe Mode with Networking

If malware prevents from installing or scanning the system with antivirus or anti-malware software, please follow the instructions to reboot your device to the Safe Mode. Then, initiate automatic removal again.

Step 1: Reboot your computer to Safe Mode with Networking
Windows 7 / Vista / XP
  • Click Start Shutdown Restart OK.
  • When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
  • Select Safe Mode with Networking from the list
Select 'Safe Mode with Networking'
Windows 10 / Windows 8
  • Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
  • Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
  • Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window.
Select 'Enable Safe Mode with Networking'
Step 2: Remove Serpent

Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Serpent removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Reimage is a tool to detect malware. You need to purchase full version to remove infections.
More information about Reimage
Reimage is a tool to detect malware. You need to purchase full version to remove infections. More information about Reimage

Method 2. Remove Serpent using System Restore

If the previous method did not work, follow this method below:

Step 1: Reboot your computer to Safe Mode with Command Prompt
Windows 7 / Vista / XP
  • Click Start Shutdown Restart OK.
  • When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
  • Select Command Prompt from the list
Select 'Safe Mode with Command Prompt'
Windows 10 / Windows 8
  • Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
  • Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
  • Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window.
Select 'Enable Safe Mode with Command Prompt'
Step 2: Restore your system files and settings
  • Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
  • Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
  • When a new window shows up, click Next and select your restore point that is prior the infiltration of Serpent. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
  • Now click Yes to start system restore. Click 'Yes' and start system restore
Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that Serpent removal is performed successfully.
Reimage is a tool to detect malware. You need to purchase full version to remove infections.
More information about Reimage
Reimage is a tool to detect malware. You need to purchase full version to remove infections. More information about Reimage

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Serpent from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

Nevertheless, there's no free decryption tool created at the moment, you should not pay the ransom! Cyber criminals may leave you with nothing!

If your files are encrypted by Serpent, you can use several methods to restore them:

Data Recovery Pro might help to restore files encrypted by Serpent virus

This professional tool may help to restore at least some of the damaged files. It was created to help people retrieve deleted, corrupted or encrypted files. Follow the steps:

Try to restore files encrypted by Serpent ransomware using Windows Previous Versions feature

If System Restore function has been enabled before ransomware attack, you can try to recover individual files by following these steps:

  • Find an encrypted file you need to restore and right-click on it;
  • Select "Properties" and go to "Previous versions" tab;
  • Here, check each of available copies of the file in "Folder versions". You should select the version you want to recover and click "Restore".

Unfortunately, there's no tool that can decrypt files encrypted by Serpent ransomware virus

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Serpent and other ransomwares, use a reputable anti-spyware, such as Reimage, PlumbytesWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware

Harold Dalma
Harold Dalma - Likes to teach users about virus prevention

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Removal guides in other languages


Information updated:

Comments on Serpent ransomware virus

0
0
Annette
You know, its scary to learn that some hackers got inside your PC and stole your files... Luckily, I decided to Google for information and found your website. Indeed, I was thinking about paying the ransom...
0
0
Manuel
You made my day! I thought I wont be able to restore my files, but the password is valid!
0
0
Marian
Password works! Thank you!
0
0
Getske
Which password and what works?

Post a comment

Attention: Use this form only if you have additional information about a parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Home page Name



«

(All fields are required)