
HermesVirus HT Ransomware

By GoldSparrow in Ransomware

The HermesVirus HT Ransomware is a generic encryption Trojan built from the HiddenTear open-source ransomware. A threat actor downloaded a copy of HiddenTear from the Dark Web, modified the source code and launched a spam campaign to distribute the threat to potential victims. The HermesVirus HT Ransomware differs only slightly from variants such as the CryBrazil Ransomware and the HiddenBeer Ransomware, which are based on the same source code. It is named after the '.hermes' extension shown to PC users once the attack is complete.

The HermesVirus HT Ransomware is programmed to encrypt data, overwrite the user's files and show new filenames. For example, the original file 'Burney Falls.png' is loaded in the memory, encrypted and deleted from memory. The HermesVirus HT Ransomware writes the encrypted version 'Burney' to the same location and removes any Shadow Volume snapshots Windows may have made recently. Affected users can find a ransom message titled 'HERMES DECRYPT FILES.txt' on their desktop that reads:

'All your information (documents, databases, backups and other files) of this computer was encrypted using the most cryptographic algorithms.
All encrypted files are formatted with .HERMES
You can recover files only with the help of a decryption and password, which, in turn, only we know.
It's impossible to pick it up.
Reinstalling the OS will not change anything.
No system administrator in the world can solve this problem Without knowing the password
In no case do not change the files! But if you want, make a backup copy.
Email us at
If they are not decrypted, then after 48 hours they will be deleted !!!
To contact us you can use Internet browser Explorer. C:, Program Files, Internet Explorer'

The ransomware actors may use email accounts like '' to communicate with users. The cybercriminals may try to convince you that a decoder for your data exists and that you only need to pay a few hundred dollars for the program. We recommend avoiding interaction with the HermesVirus HT Ransomware team because you might not receive a decoder. Unfortunately, there is no reliable way to decrypt the data locked by the HermesVirus HT Ransomware. PC users can prepare for potential HermesVirus HT Ransomware attacks by installing a backup manager that can help with recovering lost data. You should make backups frequently and erase the HermesVirus HT Ransomware using a reputable anti-malware utility.
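When triaging a machine or a file share, the two file-system indicators named above (the '.hermes' extension and the 'HERMES DECRYPT FILES.txt' note) can be searched for directly to scope what needs restoring from backup. The following Python script is an added example, not code from the original article; the function names and sample file names are constructed for illustration, and it assumes the extension is the final suffix of an affected file's name.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the article text; matching is case-insensitive
# because the article writes '.hermes' and the ransom note writes '.HERMES'.
ENCRYPTED_EXT = ".hermes"
RANSOM_NOTE = "hermes decrypt files.txt"


def scan_for_indicators(root):
    """Walk `root` and return (ransom_notes, encrypted_by_dir).

    ransom_notes: sorted list of paths whose name matches the ransom note.
    encrypted_by_dir: {directory: count of files ending in the extension}.
    """
    notes, encrypted = [], {}
    # onerror swallows unreadable directories so a triage run does not abort.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            lowered = name.lower()
            if lowered == RANSOM_NOTE:
                notes.append(os.path.join(dirpath, name))
            elif lowered.endswith(ENCRYPTED_EXT):
                encrypted[dirpath] = encrypted.get(dirpath, 0) + 1
    return sorted(notes), encrypted


def build_sample_tree(base):
    """Constructed sample data: empty files named like an affected profile."""
    base = Path(base)
    for rel in ("Desktop/HERMES DECRYPT FILES.txt",
                "Pictures/holiday.png.HERMES",   # constructed name
                "Pictures/report.docx.hermes",   # constructed name
                "Documents/untouched.txt"):
        path = base / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        notes, encrypted = scan_for_indicators(build_sample_tree(tmp))
        for note in notes:
            print("ransom note:", note)
        for directory, count in sorted(encrypted.items()):
            print(f"{count} encrypted file(s) in {directory}")
```

Point `scan_for_indicators` at a user profile or share root to get a per-directory count of affected files; a hit on the extension alone is only a lead, since other software may use the same suffix.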

1 Comment

My laptop was affected by Hermes Ransomware and decrypted important files/images.
Please suggest the best way to deal with ransomware and get back all the data.


