Hermes837 Ransomware
The Hermes837 Ransomware is a file-locker Trojan that can block files on Windows machines and holds them for ransom. Affected formats include movies and other, media-based content in various locations. Users should keep Windows anti-malware solutions nearby for deleting the Hermes837 Ransomware as soon as possible, and backups for recovering anything that it locks.
Flying on Winged Feet for Your Files
Greek mythology is a deep well for threat actors' delving, whenever they need a brand for their latest Trojan campaigns. The recurrence of similar naming conventions can cause some difficulties in identifying a threat adequately, however. For example, the Hermes837 Ransomware only is the newest, Hermes-based, file-locker Trojan of the year. Besides the name, it has no relationship with the BitMessage-using Hermes 2.1 Ransomware, the SHACAL-2-encrypting Hermes666 Ransomware, or Hidden Tear's HermesVirus HT Ransomware fork.
Although it's not an update or relative of any of the above, the Hermes837 Ransomware, like all of them, targets Windows machines with encryption-based attacks. Its AES-encrypting efforts will lock content that malware experts confirm for including AVI movies, Word documents and other media. It also targets the user's desktop in this file-hostage-taking routine.
Two symptoms of the Hermes837 Ransomware infections include a Notepad ransom note and a 'hermes836' extension, in lower-case, which the Trojan adds to the victim's media. The TXT instructions are in grammatically-poor English and follow a similar template to those of the Globe Ransomware or the Crysis Ransomware: they give the user an ID and an e-mail for negotiating. It doesn't provide a specific price point for buying the decryptor and no reassurances for recovering anything after paying.
Subtracting the Guesswork from Getting Your Work Back
Besides its using AES as its algorithm of choice, malware experts can verify little about the Hermes837 Ransomware's file-locking methodology. It may or may not be fitting for decrypting through freeware tools. For keeping the gamble out of any file recovery routines, Windows users should update backups that they save onto other, secure devices, such as a cloud service or a portable thumb drive regularly.
Besides the traditional offer of a 'free demo' of their decryptor, the Hermes837 Ransomware's note provides other details that malware experts find worth mentioning. The Hermes837 Ransomware's campaign isn't targeting specific nationalities, unlike, for instance, the Southeast Asian-preferring STOP Ransomware family. It also warns that users uploading database information elsewhere will suffer a steep penalty in the ransom's price. This final detail is a possible means of hampering users from assisting with threat database entries and furthering the Hermes837 Ransomware's analysis.
The Hermes837 Ransomware's samples are circulating as 32-bit, Windows executables. Users should depend on compatible anti-malware applications for deleting the Hermes837 Ransomware as appropriate, and most services should recognize it as being a threat. The Hermes837 Ransomware, despite the numerical add-on to its name, isn't an update of the old Hermes Ransomware. It is, however, just as much of a problem for anyone who forgets their backups more than is healthy.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.