ImSorry ransomware is a file-locking virus that aims to gain profits illegally for its developers

Sorry ransomware is a dangerous crypto-malware that aims to encrypt valuable information on the targeted computer and demand a ransom for the decryption tool. Currently, it uses AES[1] ciphers to lock the files with .sorry or .imsorry extension. After it finishes encoding data, victims receive Read me for help thanks.txt or How Recovery Files.txt documents which serve as ransom notes and insist on paying $500 ransom in Bitcoins.
| Name | ImSorry ransomware |
|---|---|
| Also known as | Sorry ransomware |
| Amount of the ransom | $500 in Bitcoins |
| Indicated emails | systems@hitler.rocks and systems@tutanota.com |
| Distribution | Travels inside the attachments of malicious spam emails |
| Extensions | .imsorry and .sorry |
| Ransom notes | Read me for help thanks.txt; How Recovery Files.txt |
| Removal | The only way to uninstall Sorry ransomware from the system is to get a professional antivirus, like FortectIntego |
It is worth knowing that .sorry extension ransomware virus has another its version which is very similar to the original one. However, the ransom notes might slightly differ, so the other variant of the malware indicates systems@hitler.rocks and systems@tutanota.com email addresses to make the payment after infection.

Malware is activated from the ImSorry.exe file. This malicious file is usually dropped on the system when a user clicks on a malicious email attachment. Once executed, ImSorry ransomware starts scanning device looking for the targeted files and encrypting them. Apart from damaging the data, it might also modify Windows Registry and install various dangerous files to run with system startup and perform its tasks.

Here is the extract of the .sorry file extension virus ransom note:
Hello, I hate to inform you but your files have been encrypted.
To get them back you must pay me a small fee.
Instructions are buy btc then pay me then i'll simply give you, your encryption key.
The instructions given in the ransom-demanding message state that people have to pay $500 in Bitcoins and transfer this sum of money in three weeks time to the provided address. Otherwise, the attacker says that the decryption key will be destroyed and the possibility to recover files encrypted by Sorry ransomware will be lost.

Once victims make the transaction, they are instructed to enter the payment address inside the given address box, and the Sorry ransomware decryptor is supposed to show up automatically in the ransom window. Later, the hacker claims that his victims merely need to click “Decrypt Files” button, and all the data should be rescued.
However, these empty promises are just a psychological trick to help swindle money and gain illegal profits for the developer of Im Sorry virus. Cybercriminals are widely known for their social engineering techniques that make people believe that the only option to regain the data is to pay the ransom. We want to warn you that it is not true!

If you remove Sorry ransomware virus, you will be able to try alternative file recovery techniques which can help you retrieve almost all of the encrypted data. The instructions how to use them are presented at the end of this article. Although, you must first get rid of this dangerous cyber threat.
The easiest way to complete ImSorry ransomware removal is to scan your system with a robust anti-malware software. For that, we suggest using FortectIntego. The elimination procedure will only require to click a few buttons and wait for the scan to finish. Otherwise, you can take your PC to the nearest IT technician.

What is more, this crypto-malware might also be capable of opening a backdoor to other malware. Thus, if you let the virus to stay on the computer, you are risking to catch other cyber infections and put your private information at risk. Therefore, you should not delay and get rid of Sorry ransomware as soon as possible.
Spam emails: hackers impersonate legitimate companies to infiltrate ransomware

Similar to most ransomware-type cyber threats, ImSorry ransomware spreads via multiple ways, including malicious spam emails, peer-to-peer (P2P) networks and malicious online ads. Therefore, users are advised to stay cautious on a daily basis and try to monitor their computer for suspicious downloads.
However, recently, we have received a report that ImSorry virus is actively spreading with the help of malspam campaigns[2] that trick people into clicking an obfuscated Word or PDF document. The attackers have created letters which look like sent from a legitimate company to gain the victim's trust.

Unfortunately, this is only a well-designed distribution technique which helps infiltrate ransomware on the targeted systems. Thus, you should carefully check your email box for suspicious letters. Additionally, open only the ones which are sent from an authorized person or the one you know.
Also, various file-sharing sites and P2P networks might also distribute this cyber parasite. The file-encrypting virus might be presented as a useful program there. Also, it might show up as a misleading ad that offers to install a critical update. In spite of all the potential dangers that lurk in the cyberspace, our IT professionals suggest you always to use security software for protection.
I Am Sorry virus removal guide
As we have mentioned throughout the article, the ImSorry virus is a highly dangerous cyber threat and trusting its author is not a wise decision either. If you uninstall the malware, you will have an option to use multiple recovery techniques to get your files back.
However, Novirus.uk[3] teams says that since ransomware-type infections are explicitly sophisticated, they can not only protect themselves against elimination but also let other malicious programs inside your system. For this reason, we suggest you remove ImSorry ransomware as quickly as possible, and the easiest way to do so is with a professional antivirus.
For Sorry ransomware removal we recommend using FortectIntego, SpyHunterCombo Cleaner, or MalwarebytesMalwarebytes. They have an easy-to-use user interface and complete the majority of the procedure automatically. However, feel free to use another reputable malware removal software of your choice as well.
After you get rid of Sorry ransomware, don't forget to check the recovery instructions appended at the end of this article. We recommend trying all of the indicated software to find the best one for you. If you have any further questions, feel free to contact us.
Was this guide helpful?
Be the first to comment