Like all ransomware, Hermes locks a victim’s files and demands payment to unlock them. Emsisoft battles ransomware like this on the front line daily, with the creation of free decrypters to help victims get their files back. But, what is actually involved in the creation of a decrypter? Today we explored exactly this via live stream as Emsisoft CTO and Head of our Malware Research Lab, Fabian Wosar, cracked Hermes.
Fabian decrypts Hermes by attacking the encryption generator
In a recent blog post, we discussed the best way to remove ransomware including the use of decrypters to unlock your files without paying the ransom. Today, in the video embedded below, Fabian demonstrated the way in which a decrypter is actually created. In the case of Hermes, Fabian was able to uncover the seed responsible for generating the file encryption and subsequently create the necessary key.
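The post says only that the seed driving the file-key generator could be recovered; it does not say how Hermes seeds it. The following is an added illustration, not Emsisoft's tooling or any Hermes code, of why that matters: a toy "ransomware" derives each file key from a seed with only 16 bits of entropy (a constructed assumption, with a hypothetical derivation), so a decrypter can enumerate every seed and keep the one whose key turns the start of the ciphertext back into a known file header. A key drawn from a cryptographically secure source (Python's `secrets`) has no such shortcut, which is the point of the comparison.

```python
import hashlib
import secrets

# Constructed assumption: the toy generator is seeded with only 16 bits of entropy.
SEED_BITS = 16


def key_from_seed(seed: int) -> bytes:
    """Hypothetical derivation: the per-file key is a pure function of the seed,
    so recovering the seed recovers the key."""
    return hashlib.sha256(b"toy-kdf" + seed.to_bytes(4, "big")).digest()


def keystream(key: bytes, length: int) -> bytes:
    """Expand a key into a keystream with a hash in counter mode (toy cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_crypt(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def toy_encrypt_file(plaintext: bytes, seed: int) -> bytes:
    """The 'ransomware' side: pick a (weak) seed, derive the key, encrypt."""
    return xor_crypt(key_from_seed(seed), plaintext)


def recover_seed(ciphertext: bytes, known_prefix: bytes):
    """The decrypter side: walk the whole seed space and stop at the seed whose
    key turns the ciphertext head back into the expected file header
    (e.g. b'%PDF-' for a PDF). Feasible only because the space is tiny."""
    head = ciphertext[: len(known_prefix)]
    for seed in range(1 << SEED_BITS):
        if xor_crypt(key_from_seed(seed), head) == known_prefix:
            return seed
    return None


def decrypt_with_recovered_seed(ciphertext: bytes, known_prefix: bytes):
    """Full decrypt once the seed is known; None if no seed matches."""
    seed = recover_seed(ciphertext, known_prefix)
    if seed is None:
        return None
    return xor_crypt(key_from_seed(seed), ciphertext)


def strong_key() -> bytes:
    """What a correctly built key looks like: 256 bits from the OS CSPRNG.
    There is no seed to enumerate, so the search above cannot be applied."""
    return secrets.token_bytes(32)


def demo():
    # Constructed sample: a small PDF-like file encrypted under seed 0xBEEF.
    sample = b"%PDF-1.7\n" + b"constructed sample document body\n" * 4
    ciphertext = toy_encrypt_file(sample, 0xBEEF)
    recovered = decrypt_with_recovered_seed(ciphertext, b"%PDF-")
    return recovered == sample, recover_seed(ciphertext, b"%PDF-")


if __name__ == "__main__":
    ok, seed = demo()
    print(f"seed recovered: {seed:#x}, plaintext restored: {ok}")
```

The search needs nothing but the ciphertext and a guess at the original file type, which is exactly the information a victim can supply; it is the weak seed, not any flaw in the cipher itself, that makes the decrypter possible.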
Important: Though we have demonstrated that a decrypter can be made for the Hermes ransomware, it is not yet available. We will update both the decrypters site and the Emsisoft Blog as soon as it is ready for use.
For more information on the identification and decryption of ransomware, see this interview with Michael Gillespie, security researcher at Malware Hunter Team and creator of IDRansomware.
Prevention is the best cure when it comes to ransomware
There are practical steps that can be taken to recover files once ransomware has taken hold; however, the key to protecting your private data lies in preparedness.
- Keep your software and operating systems up to date. Spring clean your system regularly.
- Do not install applications from unfamiliar sources or untrusted websites.
- Read permissions closely when requested by programs or apps.
- Back up data and devices frequently. Learn how on the Emsisoft Blog.
- Install and regularly update a quality anti-malware product such as Emsisoft Anti-Malware. Our software has a proven ability to capture and eliminate ransomware. Read about our performance against ransomware here.
- If infected, take every possible step to avoid paying. Remove ransomware the right way.
Have a nice (ransomware-free) day!