HERMES ransomware

URI: https://gptkb.org/entity/HERMES_ransomware
GPTKB entity
Statements (29)
Predicate Object
gptkbp:instanceOf malware
gptkbp:associatedWith gptkb:Lazarus_Group
gptkbp:canDeleteShadowCopies true
gptkbp:canDisableRecovery true
gptkbp:canSpreadLaterally true
gptkbp:demandsRansomIn gptkb:Bitcoin
gptkbp:encryption files
gptkbp:fileExtension .hermes
.hrms
gptkbp:firstObserved 2017
gptkbp:hasBackdoorComponent sometimes
https://www.w3.org/2000/01/rdf-schema#label HERMES ransomware
gptkbp:marketedAs underground forums
gptkbp:notableBattle Far Eastern International Bank (Taiwan) 2017
gptkbp:notableVariant HERMES 2.0
HERMES 2.1
gptkbp:ransomDemanded varies
gptkbp:ransomNoteFileName DECRYPT_INFORMATION.html
DECRYPT_INFORMATION.txt
gptkbp:sells Ransomware-as-a-Service (RaaS)
gptkbp:spreadTo phishing emails
malicious attachments
gptkbp:supportsAlgorithm gptkb:RSA
gptkb:AES
gptkbp:target gptkb:Windows_operating_systems
gptkbp:usedIn gptkb:Far_Eastern_International_Bank_heist
WannaCry attack
gptkbp:bfsParent gptkb:Ryuk_ransomware_group
gptkbp:bfsLayer 7