The first attacks have happened through a compromised Korean website. Malwarebytes published an analysis report on the Hermes Ransomware. Researchers said Encrypted files dont have their names changed. Each file is encrypted with a new keythe same plaintext produces various ciphertext. The entropy of the encrypted file is high, and no patterns are visible. The ransom note pops up. Like other ransomware, it used symmetric algorithm AES to encrypt files and RSA to protect AES key.”]
Source: https://gbhackers.com/hermes-ransomware-distributed-malware/