HERMES 2.1 (Ransomware)
What is Ransomware?
• 'Ransomware' is a type of malware that attempts to extort money from a computer user by infecting and taking control of the victim's machine, or the files or documents stored on it.
• Typically, the ransomware will either 'lock' the computer to prevent normal usage, or encrypt the documents and files on it to prevent access to the saved data.
Types of Ransomware
• Encryption Ransomware
• Lock Screen Ransomware
• Master Boot Record (MBR) Ransomware
Encryption Ransomware Example
Lock Screen Ransomware Example
Master Boot Record (MBR) Ransomware Example
Hermes 2.1 Ransomware
• Hermes also follows the typical ransomware behavior by encrypting target user data with a strong cipher.
• Next, the victims are extorted to pay a ransom fee.
• All affected data is renamed using the HERMES file extension (.HRM). The virus targets all popular documents, databases, music, video, photos, configuration files, etc.
Hermes Ransomware Distribution
The Hermes ransomware is distributed using the most popular virus delivery methods:
• Email Spam Messages – The email messages are crafted to include links to the Hermes ransomware or to deliver the payload as an attachment. To increase the infection ratio, the viruses can be masked as legitimate documents that may be of interest, such as financial documents, invoices and personal letters.
• Dangerous Redirects – Dangerous redirects such as browser hijackers and malicious ads can be used to deliver the Hermes ransomware.
• Software Installers – Viruses can be bundled with infected software bundles that pose as legitimate apps, games and patches. The most popular source of infection is pirated copies found on pirate sites and BitTorrent trackers.
Bank Robbery Using Hermes Ransomware
• On Oct. 17, 2017, a crypto culprit used Hermes ransomware in a sophisticated bank heist targeting Taiwan-based Far Eastern International Bank (FEIB).
• The threat actors, most likely the North Korean ‘Lazarus’ hacker group, used the ransomware as a smokescreen to distract the bank’s officials from the money theft going on backstage.
Technical Details - Installation
• As soon as you become infected with this ransomware, the infection file connects to a remote host and downloads the malicious payload of this ransomware. It consists of several files.
• This Trojan drops the following copies of itself into the affected system and executes them:
%All Users Profile%\Reload.exe
%All Users Profile%\system_.bat
%All Users Profile%\shade.bat
{folders containing encrypted files}\UNIQUE_ID_DO_NOT_REMOVE
{folders containing encrypted files}\DECRYPT_INFORMATION.html
{%Desktop%}\UNIQUE_ID_DO_NOT_REMOVE
{%Desktop%}\DECRYPT_INFORMATION.html - ransom note
Technical Details - Installation (continued)
• Then it executes the following Windows Command Prompt commands in order to erase the shadow volume copies of your computer:
Technical Details - Installation (continued)
• This Trojan adds the following registry entries to enable its automatic execution at every system startup:
Technical Details - Encryption
• To encrypt the files on your computer, the Hermes 2.1 ransomware uses the Rivest-Shamir-Adleman encryption algorithm, known as RSA, with a 2048-bit strength. The virus targets specific file types for encryption, some of which are the following:
Message Displayed Is…
Sample of how files are Encrypted
Information About Decryption
• On Feb. 16, 2017, Fabian Wosar, CTO and malware researcher at Emsisoft, set up a live video session in which he reverse-engineered and decrypted the new Hermes ransomware.
Hermes 2.1 Ransomware Removal
STEP 1:
• Start the PC in Safe Mode with Network
This will isolate all files and objects created by the ransomware so they will be removed efficiently.
1. Hit WIN Key + R
2. A Run window will appear. In it, write “msconfig” and then press Enter
3. A Configuration box shall appear. In it, choose the tab named “Boot”
4. Mark the “Safe Boot” option, then go to “Network” under it and tick it too
5. Then Apply -> OK
Hermes 2.1 Ransomware Removal (continued)
STEP 2:
• Show Hidden Files
STEP 3:
• Enter Windows Task Manager and Stop Malicious Processes
1. Hit the following key combination: CTRL+SHIFT+ESC
2. Go to “Processes”
3. When you find a suspicious process, right-click on it and select “Open File Location”
4. Go back to Task Manager and end the malicious process. Right-click on it again and choose “End Process”
5. Next, go to the folder where the malicious file is located and delete it
Hermes 2.1 Ransomware Removal (continued)
STEP 4:
• Repair Windows Registry / Delete this registry value
1. Press the Windows Button + R key combination
2. In the box, write “regedit” and hit Enter
3. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
4. Remove this value: “sysrep = %All Users Profile%\Reload.exe”
Hermes 2.1 Ransomware Removal (continued)
STEP 5:
• Search for and delete the following files
1. %All Users Profile%\system_.bat
2. %All Users Profile%\shade.bat
3. {folders containing encrypted files}\UNIQUE_ID_DO_NOT_REMOVE
4. {folders containing encrypted files}\DECRYPT_INFORMATION.html
5. {%Desktop%}\UNIQUE_ID_DO_NOT_REMOVE
6. {%Desktop%}\DECRYPT_INFORMATION.html
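A read-only triage check for the artifacts the installation and removal slides name (the “sysrep” Run value, the dropped files under %All Users Profile%, .HRM files and the UNIQUE_ID_DO_NOT_REMOVE / DECRYPT_INFORMATION.html files), plus a look at whether shadow copies are still present, since the slides say Hermes erases them. This is an added example written for this page, not code from the presentation or from any of its referenced sources; the function name and output layout are my own, and it assumes the HKCU Run key given on the slide (it reads the current user's hive only).

```powershell
# Added example (not from the presentation): read-only triage for the
# Hermes 2.1 artifacts named on the slides. It reads and reports only;
# it deletes nothing, so it can run before deciding on removal steps.
# Run from an elevated PowerShell on the suspected host.

function Test-HermesArtifacts {
    param(
        # Folder tree to search for .HRM files and ransom-note/ID files
        [string]$ScanRoot = $env:USERPROFILE
    )

    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Persistence: the Run value the slides name ("sysrep" -> Reload.exe).
    #    Only the current user's HKCU hive is checked, as the slide gives HKCU.
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if ($run -and $run.PSObject.Properties['sysrep']) {
        $findings.Add("Run value 'sysrep' = $($run.sysrep)")
    }

    # 2. Dropped copies under %All Users Profile% ($env:ALLUSERSPROFILE).
    #    The SHA256 is recorded so the sample can be submitted to an AV vendor.
    foreach ($name in 'Reload.exe', 'system_.bat', 'shade.bat') {
        $path = Join-Path $env:ALLUSERSPROFILE $name
        if (Test-Path -LiteralPath $path) {
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            $findings.Add("Dropped file $path (SHA256 $hash)")
        }
    }

    # 3. Encrypted files (.HRM) and the per-folder ID / ransom-note files.
    $hrm = @(Get-ChildItem -Path $ScanRoot -Recurse -File -Filter '*.HRM' `
                -ErrorAction SilentlyContinue)
    $notes = @(Get-ChildItem -Path $ScanRoot -Recurse -File -ErrorAction SilentlyContinue |
               Where-Object { $_.Name -in 'DECRYPT_INFORMATION.html', 'UNIQUE_ID_DO_NOT_REMOVE' })
    if ($hrm.Count -gt 0)   { $findings.Add("$($hrm.Count) .HRM file(s) under $ScanRoot") }
    if ($notes.Count -gt 0) { $findings.Add("$($notes.Count) ransom-note/ID file(s) under $ScanRoot") }

    # Decide on the Hermes-specific artifacts alone (steps 1-3).
    $suspicious = ($findings.Count -gt 0)

    # 4. The slides say Hermes erases shadow copies; their absence is only a
    #    supporting hint (many hosts have none), so it does not set Suspicious.
    $shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)
    if ($shadows.Count -eq 0) { $findings.Add('Hint: no Volume Shadow Copies present') }

    [pscustomobject]@{
        Suspicious = $suspicious
        Findings   = $findings.ToArray()
    }
}

Test-HermesArtifacts | Format-List
```

If Suspicious is true, the Findings list gives the exact Run value and file paths that steps 4 and 5 of the removal procedure tell you to delete.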
Hermes 2.1 Ransomware Removal (continued)
STEP 6:
• Scan your PC with a quality Anti-Virus / Anti-Malware program.
• Recover your data from backups.
• Perform the following steps for future prevention:
1. Keep your software and operating systems up to date.
2. Do not install applications from unfamiliar sources or untrusted websites.
3. Read permissions closely when requested by programs or apps.
4. Back up data and devices frequently (external backups recommended).
5. Install and regularly update a quality anti-malware product.
6. If infected, take every possible step to avoid paying.
Prevention is the best cure when it comes to ransomware.
References
• https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom_hermes.a
• https://sensorstechforum.com/hrm-files-virus-hermes-2-1-remove-restore-files/
• https://bestsecuritysearch.com/hermes-ransomware-virus-removal-steps-protection-updates/
• https://blog.emsisoft.com/2017/02/17/emsisoft-reverses-and-decrypts-hermes-ransomware-in-real-time/
THANK YOU!!!
Any Questions?