Hermes Ransomware

Hermes Ransomware Description

The Hermes Ransomware was first observed in the wild on February 13, 2017. The Hermes Ransomware is a ransomware Trojan that identifies the files encrypted during its attack with the file extension '.HERMES.' The Hermes Ransomware carries out a typical ransomware attack, which involves encrypting the victims' files to demand the payment of a ransom. If your computer has been infected with the Hermes Ransomware, malware researchers recommend the use of a reliable security program and then the restoration of the affected files using backup copies. Unfortunately, the encryption algorithms used by the Hermes Ransomware (AES 256 and RSA 1024) mean that once the Hermes Ransomware has encrypted a file, it will no longer be recoverable without access to the decryption key.

How the Hermes Ransomwaremay be Installed on a Computer

The Hermes Ransomware is installed on victims' computers after they open an unsolicited email attachment. In most cases, the documents used to distribute the Hermes Ransomware exploit vulnerabilities in macros, running corrupted code on the victim's computer as soon as the document is opened. One way to prevent this from happening, apart from being cautious when handling unsolicited email attachments, is to disable the macro functionality in a common word processor software so that these corrupted macros will not run automatically. The Hermes Ransomware is capable of carrying out attacks on various versions of the Windows operating system, including both 64-bit and 32-bit versions of Windows 7, 8 and 10. The Hermes Ransomware will encrypt files on all local drives, as well as on external memory devices connected to the infected computer, also targeting directories that are shared on a network. The Hermes Ransomware will target various file types, including the following:


The encrypted files will have the '.HERMES' extension added to the end of the file name. The Hermes Ransomware will drop an HTML file named 'DECRYPT_INFORMATION.html,' which opens in the victim's Web browser and displays the following ransom note:

'Hermes Ransomware
All your important files are encrypted
Your files has been encrypted using RSA2048 algorithm with unique public-key stored on your PC. There is only one way to get your files back: contact with us, pay, and get decryptor software.
You have "UNIQUEID_DO_NOT_REMOVE" file on your desktop also it duplicated in some folders, its your unique idkey, attach it to letter when contact with us. Also you can decrypt 3 files for test. We accept Bitcoin, you can find exchangers on [LINK TO BITCOIN.COM] and others. Contact information:
primary email: BM-2cXfK4B5IA/9nvci7dYxUhuHYZSmJZ9zibwH©
reserve email:'

PC security analysts strongly advise computer users to disregard the Hermes Ransomware message.

Dealing with the Hermes Ransomware

Malware analysts advise computer users to avoid contacting the people at the email address mentioned in the ransom note or paying the Hermes Ransomware's ransom. In many cases, the people responsible for the Hermes Ransomware and similar attacks will not deliver on their promise to provide the decryption key and, even if they do, paying the Hermes Ransomware ransom allows them to continue carrying out attacks on innocent computer users. Preventive measures are the best way to deal with the Hermes Ransomware. Simply having regular backups of all files makes computer users invulnerable to attacks like the Hermes Ransomware. If the possibility to recover all the files from a backup exists, then the extortionists lose any leverage to demand the payment of a ransom from the victim of a Hermes Ransomware attack.

Infected with Hermes Ransomware? Scan Your PC for Free

Download SpyHunter’s Spyware Scanner
to Detect Hermes Ransomware
* SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Site Disclaimer

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as is:
What is 12 + 5 ?