Hermes 2.1 ransomware is designed to encrypt your personal files and demand bitcoin to recover the files. The demand varies on different versions of the Hermes 2.1 ransomware.
Hermes 2.1 ransomware encrypts files on your computer and adds a string of unique characters to the extension of the encrypted files. For example, image.jpg becomes image.jpg.hrm
The decrypt text-file with instructions is placed on the Windows desktop: DECRYPT_INFORMATION.HTML
In the text displayed by the ransomware, the following is reported.
HERMES 2.1 RANSOMWARE
All your important files are encryptedYour files has been encrypted using RSA2048 algorithm with unique public-key stored on your PC.
There is only one way to get your files back: contact with us, pay, and get decryptor software.
We accept Bitcoin, and other cryptocurrencies, you can find exchangers on bestbitcoinexchange.io
You have unique idkey (in a yellow frame), write it in letter when contact with us.
Also you can decrypt 1 file for test, its guarantee what we can decrypt your files.Contact information:
primary email: [email protected]
reserve email: [email protected]
In most cases, it is not possible to recover the files encrypted by Hermes 2.1 ransomware without the intervention of the Ransomware developers. The only way to recover files infected by Hermes 2.1 ransomware is to pay the ransomware developers. I do not recommend paying for the Hermes 2.1 ransomware, instead, make sure you have a valid FULL back-up of Windows and restore it immediately.
The developers of Hermes 2.1 ransomware offer support chat for victims on the payment page.
I’m not going to bore you with removal instructions that do not work. There is a lot of information on the Internet about how to get your files back that is encrypted by the Hermes 2.1 ransomware, but they do not work. For example, system restore, shadow copies, boot in windows recovery mode etc, these instructions do not work.
It’s a waste of time and valuable money. Most likely you need to buy a malware removal tool, which is useless in the Hermes 2.1 ransomware to personal restore files, it might remove the payload (the file that encrypted your files).
Ransomware is specifically designed to prevent users from restoring files using windows recovery, system restore, shadow copies. The only thing I recommend is to read my article: What you should do when you are infected with ransomware. The article includes a FREE malware removal tool to remove the payload of the Hermes 2.1 ransomware and instructions on how to proceed after the Hermes 2.1 ransomware infection.