Hermes Ransomware Data Recovery

Bogdan Glushko

CEO at SalvageData Recovery, Bogdan Glushko has over 18 years of experience in high-security data recovery. Over the years, he's been able to help restore data after logical errors, physical failures, or even ransomware attacks, for individuals, businesses, and government agencies alike.


Hermes is a piece of malware that encrypts your files and demands a ransom for their decryption. Hermes 2.0 Ransomware is an updated version of Hermes Ransomware that uses a new encryption method.

History

Hermes Ransomware was first discovered in February 2016 by security researcher Kafeine. This ransomware is a variant of Locky, which is one of the most prevalent pieces of ransomware. Hermes uses the RSA-2048 encryption algorithm to encrypt your files.

Hermes 2.0 Ransomware was first discovered in May 2016 also by security researcher Kafeine. Hermes 2.0 uses the AES-256 encryption algorithm to encrypt your files.

What types of files do Hermes Ransomware and Hermes 2.0 encrypt?

Hermes and Hermes 2.0 will encrypt almost all types of files on your computer, including documents, pictures, music, and videos. Hermes and Hermes 2.0 Ransomware will also encrypt any type of file that is connected to a network share.

How do Hermes and Hermes 2.0 work?

When Hermes Ransomware or Hermes 2.0 encrypts a file, it appends the “.hermes” extension to the encrypted file. For example, if Hermes Ransomware or Hermes 2.0 encrypts a file named “1.jpg”, the encrypted version of the file would be named “1.jpg.hermes”.

After Hermes or Hermes 2.0 Ransomware has finished encrypting your files, it will drop a text file named “_README_FILES.txt” in each directory that contains encrypted files. The _README_FILES.txt file contains Hermes Ransomware’s ransom demand.

How much is the ransom?

Hermes or Hermes 2.0 Ransomware will demand a ransom of 0.5 Bitcoin, but the amount of the ransom can change over time.

Hermes Ransomware will give you 96 hours, or 4 days, to pay the ransom. If you do not pay the ransom within 96 hours, Hermes Ransomware will delete your private encryption key, which means that you will no longer be able to decrypt your files.

What were the biggest Hermes Ransomware attacks?

Attackers have used the Hermes Ransomware in several high-profile attacks. In February 2016, they used Hermes in an attack on the Hollywood Presbyterian Medical Center. The hospital ended up paying a ransom of $17,000 to decrypt their files.

In May 2016, Hermes 2.0 Ransomware was used in an attack on the San Francisco Municipal Transportation Agency (SFMTA). The SFMTA had to shut down its computer systems for a week while they recovered from the attack.

Protection

There are a few things you can do to protect yourself from Hermes Ransomware and Hermes 2.0 Ransomware:

Back up your files: This is the most important thing you can do to protect yourself from ransomware. By having backups of your files, you can simply restore them if you ever become infected with ransomware.

Keep your anti-virus software up-to-date: Anti-virus software can detect and remove Hermes Ransomware and Hermes 2.0 before it has a chance to encrypt your files.

Avoid opening email attachments from unknown senders: Hermes and Hermes 2.0 Ransomware are both typically spread via email attachments. Avoid opening email attachments from unknown or untrusted sources to protect yourself.

What should you do?

If you believe that you have been infected with Hermes Ransomware or Hermes 2.0 Ransomware, the first thing you should do is disconnect your computer from the internet. This will prevent the ransomware from spreading to other computers on your network.

Next, you should scan your computer with anti-virus software to remove Hermes Ransomware or Hermes 2.0 Ransomware. After the ransomware has been removed, you can then restore your files from backup.
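To scope the damage before restoring, the added example below (not SalvageData's code) walks a directory tree for the two indicators described earlier, the “.hermes” extension and the “_README_FILES.txt” note, and lists which encrypted files have no copy in a backup. The function names, the constructed sample tree, and the assumption that the backup mirrors the live directory layout are illustrative.

```python
import os
import tempfile
from pathlib import Path

ENC_SUFFIX = ".hermes"            # extension named on this page
NOTE_NAME = "_README_FILES.txt"   # ransom note name named on this page

def triage(root, backup=None):
    """Report, per affected directory, the note, the encrypted files
    (by original name) and those with no copy in the backup mirror."""
    root = Path(root)
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        rel = Path(dirpath).relative_to(root)
        # "1.jpg.hermes" -> "1.jpg": strip only the appended suffix
        originals = sorted(
            f[:-len(ENC_SUFFIX)] for f in files
            if f.lower().endswith(ENC_SUFFIX) and len(f) > len(ENC_SUFFIX))
        note = NOTE_NAME in files
        if not originals and not note:
            continue  # directory shows neither indicator
        missing = []
        if backup is not None:
            # Assumption: backup has the same relative layout as root
            missing = [n for n in originals
                       if not (Path(backup) / rel / n).is_file()]
        report[rel.as_posix()] = {"note": note, "encrypted": originals,
                                  "no_backup": missing}
    return report

def build_sample(tmp):
    """Constructed sample: an affected tree and a partial backup."""
    live, bak = Path(tmp, "live"), Path(tmp, "backup")
    for d in (live / "photos", live / "docs", live / "clean", bak / "photos"):
        d.mkdir(parents=True)
    for p in (live / "photos" / "1.jpg.hermes", live / "photos" / NOTE_NAME,
              live / "docs" / "report.docx.hermes",
              live / "clean" / "notes.txt", bak / "photos" / "1.jpg"):
        p.write_bytes(b"constructed sample")
    return live, bak

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        live, bak = build_sample(tmp)
        for d, info in sorted(triage(live, bak).items()):
            print(d, info)
```

Run it against a read-only mount or an image of the affected disk so the scan does not modify the evidence.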

If you do not have backups of your files, you may be out of luck. Hermes Ransomware and Hermes 2.0 Ransomware both use strong encryption algorithms that make it very difficult (if not impossible) to decrypt your files without paying the ransom. However, we do not recommend paying the ransom as there is no guarantee that you will receive a decryption key even if you do pay.

Hermes Ransomware and Hermes 2.0 Ransomware are both pieces of malware that should be avoided at all costs. By taking some simple precautions, you can protect yourself from these ransomware threats.

Public decryption tool

No free decryptor is available from Emsisoft for either Hermes Ransomware or Hermes 2.0 Ransomware.

Use recovery software

You can always try data recovery software to restore your data. We built SalvageData data recovery software to help you.

Contact a data recovery service

If you’re not comfortable doing it yourself, please reach out to a data recovery service.

SalvageData Recovery Services is here to help. SalvageData has vast experience in data recovery services and can handle the most complex cases.

We offer a free consultation to discuss your options and what we can do to help you recover your data. Contact us right now to learn more.
