Hermes 2.1 Ransomware

The Hermes 2.1 Ransomware is a recent release of the Hermes Ransomware, a file-locking Trojan that holds your PC's media hostage for profit. While the Hermes 2.1 Ransomware's payload has some minor reconfiguring in its encryption method, it continues being able to block files arbitrarily and indefinitely, along with erasing any local backups the user might possess. You always can uninstall the Hermes 2.1 Ransomware safely with anti-malware products, although your private data may be irrecoverable.

A Greek God Gets an Update to Divine Judgment

While free decryption solutions for the old Hermes Ransomware remain theoretical, its threat actors are updating the Trojan regardless, possibly to boost their detection avoidance with AV products. The newer version of the Trojan self-identifies as being the Hermes 2.1 Ransomware, with a slight change to how it identifies and blocks victimized files. Extra traits that the Hermes 2.1 Ransomware still shares with its predecessor include its Web page-based ransoming instructions and attacks that could cause additional data loss.

The Hermes 2.1 Ransomware doesn't insert markers into the internal data of the files it locks, although it retains full data-enciphering capabilities, through a combination of default Windows functions and an RSA algorithm. The attack keeps the content that the Hermes 2.1 Ransomware damages from being readable, and, in the meantime, victims can confirm which files are affected with their '.HRM' extensions (which is a change from the previous '.HERMES' one). A related BAT file of the Trojan also issues instructions to Windows to delete Shadow Copy-based backups silently, along with the contents of different recovery folders (including 'Backup,' 'backup,' 'bak,' and 'VHD').

Once the Hermes 2.1 Ransomware held your media hostage and removed any local recovery methods, the Hermes 2.1 Ransomware creates an HTML page. Right now, this page shows only the threat actor's BitMessage-based communication preferences and a short warning message stating their preference for Bitcoin. Since RSA is challenging to decrypt frequently, malware researchers warn that alternate options for unlocking any encoded media may not be available necessarily.

Playing Interception for a Messenger-God's Misconducts

While the Hermes 2.1 Ransomware's ransom note is terser than those of some campaigns, it accomplishes the goal of providing hands-on communications to accompany its leverage effectively, through which a cybercrook could accept money without giving any files back to the user. The Hermes 2.1 Ransomware does offer 'trial' unlocking options that the victims may use for a small amount of media, but, for most victims, backing up their content beyond the Hermes 2.1 Ransomware's reach is the most practical recovery method. Detached, portable hard drives and cloud storage networks with protected logins both may compensate for this Trojan's capacity for deleting data.

The Hermes 2.1 Ransomware and the previous Hermes Ransomware both have an absence of personal, self-distributing features, but may distribute themselves with other threats' help. Examples of exploits that malware experts often find in reuse include e-mail attachments that install Trojans once their contents are enabled, exploit kits that take advantage of your Web browser's security vulnerabilities and erroneously-named piracy downloads. Professional anti-malware products, while not able to unlock your files directly, can protect them by removing the Hermes 2.1 Ransomware on sight.

The Hermes 2.1 Ransomware isn't the most important name in the field of threatening software, but its updates are a sampling of how its threat actors are far from done with their attacks. When little more than a simple Windows feature like 'CryptGenRandom' is a danger to your media, there's no adequate excuse for assuming it always will be safe.

Technical Details