Just a word to the wise...Just tried paying the ransom for the 'decryptor' for Hermes 2.1. The email addresses provided in this case seem to be different than the .ch ones that I have seen reported elsewhere, including above. In this case they were email@example.com and firstname.lastname@example.org. The asked for ransom was .2BT, roughly $1,450.00 US at current rates. They had me send in one encrypted file, and they did decrypt it successfully and return the file to me as proof that the had the correct key. Having then paid the ransom, I got back a message that said:
Untill u start decryptor: turn off all antivirus software,stop all databases (if exist and have been ecnrypted),
add all local resources (what have been ecnrypted)
after it you must start DECRYPTOR.exe with admin privileges, choose 2 mode (fully automatic decrypt) and wait,
after decryptor finished u see the message.
For additional question u can write in anytim
There was an 82kb file attached called decryptor.rar, which was totally bogus, it was not even a properly formatted rar file. Spread the word, DO NOT pay these guys, you will just be throwing good money after bad. These guys are idiots if they don't understand that if they are not at least going to return the decryption key when the ransom is paid the word is going to get out, and pretty soon they will have succeeded in putting themselves out of business. Couldn't happen to a nicer bunch of guys, if you ask me.
Edited by grumpyman, 01 June 2018 - 07:35 AM.