Despite the incessant efforts of Cyber security professionals to curb cyber-crimes, cyber criminals are reluctant to take a back seat. Security threats are on the rise hitting critical services at large. These crypto maniacs have evolved vicious and harmful tactics over time to extort users of their hard earned money.
Among all the cyber threats launched, ransomware attacks are garnering more attention lately. Though Ransomware attacks are not new to the cyber world, They have certainly gained intensity over time. While people are still struggling with this form of cyber threat, attackers have moved a step ahead by launching Raas (Ransomware-as-a-Service) attack.
Under this service, threat actors provide a complete malicious kit capable of launching ransomware attack. Availability of these packages reduces the need to code malware. Subscription to this malicious model allows even a novice cyber-criminal to launch a ransomware attack without much difficulty.
This ransomware kit provides step-by-step instruction on the technical know-how to launch the ransomware attack. Once the attack is successful, the ransom money is shared among attackers, coders and service providers.
One such RaaS malware recently discovered is Hermes Raas virus. Criminal minds who aspire to earn easy money have to pay 5300 USD to purchase this malware kit. Additional sum is levied in order to make a purchase of supplementary distribution variants such as automated email accounts.
This malicious ransomware once injected infects the system files. The filenames are appended with ‘.hrm’ extension rendering them useless.
The victim is informed about the infection via a ransom note dropped on the system with the file name ‘DECRYPY_INFORMATION.html’. The note reads as:
The files that the ransomware Hermes RaaS targets include:
.bac, .cmb, .win, .htm, .html, .pfx, .pdf, .doc, .docx, .docm, .xls, .xlsx, .xlsm, .ppt, .pptx, .ppsx, .txt, .jpg, .jpeg, .png, .bmp, .jiff, .key, .egg, .zip, .zipx, .7z, .rar, .jif, .csv, .msg, .dot and various other extensions.
All local drives are at risk with the devious injection of Hermes Ransomware in the system. The malicious system infection does not even spare external memory devices or shared directories on a network.
The ransomware is distributed via unsolicited email attachments. Hermes Ransomware exploits the vulnerabilities in macros, a feature that is useful to automate frequently used tasks in Microsoft files like excel and Word. Macros and all other active contents are disabled by default in Microsoft files.
Attachments that seek enabling of macros need to be carefully scrutinized as there is high probability that these files are malicious. Accidental or deliberate act of enabling the macros may entrap users in a vicious cycle. The malicious code is executed as soon as the document is opened.
To counter the increase in macro based malware threats, Microsoft released a new feature in Office 2016 that blocks macros form loading in certain high-risk scenarios.
As a user you need to be cautious in handling unsolicited email attachments. It is recommended that you disable the macro functionality in common word processor to avoid these corrupted macros to run automatically.
Victims are advised not to fall in the trap and should never agree to pay the ransom under any circumstances, as they are often ignored once the ransom is paid. Moreover, if the victim pays ransom it helps cyber maniacs fund more activity of the ransom threat.
Name – Hermes RaaS
Category – Ransomware
Targeted Operating System – Windows XP, Windows Vista, Windows 7, Windows 8.0/8.1, Windows 10
Symptoms – User’s files are encrypted. All locked files are appended with “.hrm” extension after the encryption and hence cannot be accessed by the user.
Once the system starts, ensure to use an account with administrative privilege to access Safe Mode with Command Prompt.
After the user enters admin credentials, Command prompt window is displayed wherein you are entitled to enter the below commands:
Subscribe to our newsletter today to receive updates on the Latest News and Threats.
The researchers at Virus Removal Guidelines are dedicated to track down the latest vulnerabilities which may infringe your system security. Our team of expert performs a detailed research about every malware infection before educating our users about the same.
Want to stay informed about the latest threats & malware? Sign up for our newsletter & learn how to get rid of all types of threats from your computer.