Emsisoft reverses and decrypts Hermes ransomware in real-time

Like all ransomware, Hermes locks a victim’s files and demands payment to unlock them. Emsisoft battles ransomware like this on the front line daily, creating free decrypters to help victims get their files back. But what is actually involved in the creation of a decrypter? Today we explored exactly this via live stream as Emsisoft CTO and Head of our Malware Research Lab, Fabian Wosar, cracked Hermes.

Fabian decrypts Hermes by attacking the encryption generator

In a recent blog post, we discussed the best way to remove ransomware, including the use of decrypters to unlock your files without paying the ransom. Today, in the video embedded below, Fabian demonstrated how a decrypter is actually created. In the case of Hermes, Fabian was able to uncover the seed responsible for generating the file encryption and, from it, create the necessary key.

Important: Though we have demonstrated that a decrypter can be made for the Hermes ransomware, it is not yet available. We will update both the decrypters site and the Emsisoft Blog as soon as it is ready for use.

For more information on the identification and decryption of ransomware, see this interview with Michael Gillespie, security researcher at Malware Hunter Team and creator of IDRansomware.

Prevention is the best cure when it comes to ransomware

There are practical steps that can be taken to recover files once ransomware has taken hold; however, the key to protecting your private data lies in preparedness.

Have a nice (ransomware-free) day!