Hermes666 Ransomware

By GoldSparrow in Ransomware

The Hermes666 Ransomware is a newly uncovered file-encrypting Trojan. Once dissected, this ransomware threat was revealed to be a variant of the popular Maoloa Ransomware.

Propagation and Encryption

It is not known with any certainty which propagation method is used to spread this data-locking Trojan. Some of the most common methods of propagating threats of this type may be at play in the case of the Hermes666 Ransomware too. Among these propagation techniques are spam emails containing macro-laced attachments, pirated fake variants of popular software, and bogus application updates.

If the Hermes666 Ransomware manages to infiltrate your computer, it will scan it. The goal of this scan is to locate the files that the Hermes666 Ransomware has been programmed to go after. Once a file undergoes the encryption process of this file-locking Trojan, its name will be changed. The Hermes666 Ransomware appends a ‘.hermes666’ extension to the name of the newly locked file. This means that an audio file named ‘Onyx-on-Bronze.mp3’ will be renamed to ‘Onyx-on-Bronze.mp3.hermes666.’ However, this malware strain is also known to exist under various different names, using a number of extensions such as ‘.Also4444,’ ‘.Pig4444,’ ‘.Ox4444,’ ‘.Tiger4444,’ ‘.Ares666,’ ‘.Hades666’ and ‘.Persephone666.’

The Ransom Note

When the encryption process is over, the Hermes666 Ransomware drops a ransom note named ‘HOW TO BACK YOUR FILES.txt.’ The note reads:

’YOUR FILES ARE ENCRYPTED !!!
TO DECRYPT, FOLLOW THE INSTRUCTIONS:
To recover data you need decrypt tool.
To get the decrypt tool you should:
1.In the letter include your personal ID! Send me this ID in your first email to me!
2.After we send you instruction how to pay for decrypt tool and after payment you will receive a decryption tool!

DO NOT TRY TO DO SOMETHING WITH YOUR FILES BY YOURSELF YOU WILL BRAKE YOUR DATA !!! ONLY WE ARE CAN HELP YOU! CONTACT US:
eladovin1975@protonmail.com
ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YOU HAVE TO SEND IN FIRST LETTER:
…’

The attackers fail to mention a specific ransom fee, but you can be sure that they will demand payment. The creators of the Hermes666 Ransomware only provide the users with one email address where they can be contacted – ‘eladovin1975@protonmail.com.’

We strongly recommend that you avoid contacting cyber crooks. They will promise to decrypt your data if you pay them, but they rarely deliver on their promises. A much safer option is to download and install a reputable anti-malware application, which will remove the Hermes666 Ransomware from your PC.
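
The appended extensions and the ransom note name reported above are enough to scope which directories were affected before cleanup or restore. The Python triage script below is an added example, not part of the original write-up: `scan_tree`, `build_sample_tree` and the sample files (apart from the article's ‘Onyx-on-Bronze.mp3.hermes666’) are constructed for illustration, and it assumes a file's modification time approximates when it was rewritten.

```python
import os
import tempfile
from collections import defaultdict

# Indicators quoted in the article; matched case-insensitively.
LOCKED_EXTENSIONS = (
    ".hermes666", ".also4444", ".pig4444", ".ox4444",
    ".tiger4444", ".ares666", ".hades666", ".persephone666",
)
RANSOM_NOTE = "how to back your files.txt"


def scan_tree(root):
    """Per directory: renamed files, ransom notes and their modification times."""
    findings = defaultdict(lambda: {"locked": [], "notes": [], "mtimes": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower, path = name.lower(), os.path.join(dirpath, name)
            if lower == RANSOM_NOTE:
                findings[dirpath]["notes"].append(path)
                continue
            ext = next((e for e in LOCKED_EXTENSIONS if lower.endswith(e)), None)
            if ext is None:
                continue
            entry = findings[dirpath]
            # Original name = current name minus the appended extension.
            entry["locked"].append((path, name[:-len(ext)]))
            try:
                # Assumption: mtime approximates when the file was rewritten.
                entry["mtimes"].append(os.stat(path).st_mtime)
            except OSError:
                pass  # unreadable file: still listed, just no timestamp
    return dict(findings)


def build_sample_tree():
    """Constructed sample: a temp directory of harmless placeholder files."""
    root = tempfile.mkdtemp(prefix="triage_sample_")
    for name in ("Onyx-on-Bronze.mp3.hermes666", "notes.docx.Tiger4444",
                 "HOW TO BACK YOUR FILES.txt", "untouched.mp3"):
        with open(os.path.join(root, name), "w") as fh:
            fh.write("placeholder")
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for directory, info in scan_tree(sample_root).items():
        print(directory, len(info["locked"]), "renamed,", len(info["notes"]), "note(s)")
```

Point `scan_tree` at a mounted image or a share rather than the sample directory to get the list of original file names to restore from backup, grouped by folder.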
