Hermes Ransomware [source: enigmasoftware]
by CIRT Team
Hermes Ransomware Description
The Hermes Ransomware was first observed in the wild on February 13, 2017. The Hermes Ransomware is a ransomware Trojan that marks the files it encrypts during its attack with the file extension ‘.HERMES’. The Hermes Ransomware carries out a typical ransomware attack, which involves encrypting the victims’ files in order to demand the payment of a ransom. If your computer has been infected with the Hermes Ransomware, malware researchers recommend using a reliable security program and then restoring the affected files from backup copies. Unfortunately, the encryption algorithms used by the Hermes Ransomware (AES-256 and RSA-1024) mean that once the Hermes Ransomware has encrypted a file, it will no longer be recoverable without access to the decryption key.
How the Hermes Ransomware may be Installed on a Computer
The Hermes Ransomware is installed on victims’ computers after they open an unsolicited email attachment. In most cases, the documents used to distribute the Hermes Ransomware exploit vulnerabilities in macros, running corrupted code on the victim’s computer as soon as the document is opened. One way to prevent this, apart from being cautious when handling unsolicited email attachments, is to disable macro functionality in commonly used word processing software so that these corrupted macros will not run automatically. The Hermes Ransomware is capable of carrying out attacks on various versions of the Windows operating system, including both 64-bit and 32-bit versions of Windows 7, 8 and 10. The Hermes Ransomware will encrypt files on all local drives, as well as on external memory devices connected to the infected computer, and it also targets directories that are shared on a network. The Hermes Ransomware will target various file types, including the following:
.3GP, .7Z, .APK, .AVI, .BMP, .CDR, .CER, .CHM, .CONF, .CSS, .CSV, .DAT, .DB, .DBF, .DJVU, .DBX, .DOCM, .DOC, .EPUB, .DOCX, .FB2, .FLV, .GIF, .GZ, .ISO, .IBOOKS, .JPEG, .JPG, .KEY, .MDB, .MD2, .MDF, .MHT, .MOBI, .MHTM, .MKV, .MOV, .MP3, .MP4, .MPG, .MPEG, .PICT, .PDF, .PPS, .PKG, .PNG, .PPT, .PPTX, .PPSX, .PSD, .RAR, .RTF, .SCR, .SWF, .SAV, .TIFF, .TIF, .TBL, .TORRENT, .TXT, .VSD, .WMV, .XLS, .XLSX, .XPS, .XML, .CKP, .ZIP, .JAVA, .PY, .ASM, .C, .CPP, .CS, .JS, .PHP, .DACPAC, .RBW, .RB, .MRG, .DCX, .DB3, .SQL, .SQLITE3, .SQLITE, .SQLITEDB, .PSD, .PSP, .PDB, .DXF, .DWG, .DRW, .CASB, .CCP, .CAL, .CMX, .CR2.
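To scope which directories need restoring from backup, the following added example (not part of the original article) walks a directory tree and counts files carrying the ‘.HERMES’ extension described above. The function names and sample file names are constructed for illustration, and the code assumes the marker is the final extension of each affected file.

```python
import os
import tempfile
from collections import Counter

MARKER = ".hermes"  # extension the article says marks encrypted files

def find_marked_files(root):
    """Yield paths under root whose final extension is .HERMES (any case)."""
    # onerror: skip unreadable directories instead of aborting the scan
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            if os.path.splitext(name)[1].lower() == MARKER:
                yield os.path.join(dirpath, name)

def summarize(root):
    """Return (total, Counter mapping affected directory -> marked files)."""
    per_dir = Counter()
    for path in find_marked_files(root):
        per_dir[os.path.relpath(os.path.dirname(path), root)] += 1
    return sum(per_dir.values()), per_dir

def build_sample_tree(base):
    """Constructed sample data: empty files standing in for a file share."""
    layout = {
        "docs": ["report.docx.HERMES", "notes.txt.hermes", "clean.pdf"],
        "photos": ["a.jpg", "b.png"],
        os.path.join("db", "2017"): ["sales.sqlite.HERMES"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(base, sub), exist_ok=True)
        for n in names:
            open(os.path.join(base, sub, n), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        total, per_dir = summarize(tmp)
        print(f"{total} marked file(s)")
        for d, n in per_dir.most_common():
            print(f"  {n:4d}  {d}")
```

Because the article states that local drives, external devices and network shares are all targeted, run `summarize` once per mounted root and compare the affected directories against the backup inventory.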